First published: Mon Apr 05 2010(Updated: )
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Novell NetWare FTP Server | =5.01i | |
Novell NetWare FTP Server | =5.01o | |
Novell NetWare FTP Server | =5.01w | |
Novell NetWare FTP Server | =5.01y | |
Novell NetWare FTP Server | =5.02b | |
Novell NetWare FTP Server | =5.02i | |
Novell NetWare FTP Server | =5.02r | |
Novell NetWare FTP Server | =5.02y | |
Novell NetWare FTP Server | =5.03b | |
Novell NetWare FTP Server | =5.03l | |
Novell NetWare FTP Server | =5.04.5 | |
Novell NetWare FTP Server | =5.04.8 | |
Novell NetWare FTP Server | =5.04.20 | |
Novell NetWare FTP Server | =5.04.25 | |
Novell NetWare FTP Server | =5.05 | |
Novell NetWare FTP Server | =5.05.04 | |
Novell NetWare FTP Server | =5.06.04 | |
Novell NetWare FTP Server | =5.06.05 | |
Novell NetWare FTP Server | =5.07 | |
Novell NetWare FTP Server | =5.07.02 | |
Novell NetWare FTP Server | =5.1 | |
Novell NetWare FTP Server | =5.1-sp2a | |
Novell NetWare FTP Server | =5.1-sp3 | |
Novell NetWare FTP Server | =5.1-sp4 | |
Novell NetWare FTP Server | =5.1-sp6 | |
Novell NetWare FTP Server | =6.0 | |
Novell NetWare FTP Server | =6.0-sp1 | |
Novell NetWare FTP Server | =6.0-sp2 | |
Novell NetWare FTP Server | =6.0-sp3 | |
Novell NetWare FTP Server | =6.5 | |
Novell NetWare FTP Server | =6.5-sp1 | |
Novell NetWare FTP Server | =6.5-sp1.1a | |
Novell NetWare FTP Server | =6.5-sp1.1b | |
Novell NetWare FTP Server | =6.5-sp2 | |
Novell NetWare FTP Server | =6.5-sp3 | |
Novell NetWare FTP Server | =6.5-sp4 | |
Novell NetWare FTP Server | =6.5-sp5 | |
Novell NetWare FTP Server | =6.5-sp6 | |
Novell NetWare FTP Server | =6.5-sp7 | |
Novell NetWare FTP Server | =6.5-sp8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2010-0625 is categorized as a medium severity vulnerability due to its potential for denial of service and arbitrary code execution.
To fix CVE-2010-0625, you should upgrade the NWFTPD.nlm to version 5.10.01 or later.
Exploitation of CVE-2010-0625 can lead to a denial of service by crashing the FTP daemon and may allow for arbitrary code execution.
CVE-2010-0625 affects Novell NetWare versions from 5.1 through 6.5 SP8 with specific vulnerabilities in NWFTPD.nlm.
CVE-2010-0625 can be exploited by remote authenticated users who send crafted commands to the affected FTP server.