| Vulnerability Name: | CVE-2006-2327 (CCN-26314) | ||||||||
| Assigned: | 2006-05-08 | ||||||||
| Published: | 2006-05-08 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. Apply fix for Novell NetWare 6.5 Support Pack 3, 4, or 5. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-189 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Mon May 15 2006 - 09:40:07 CD Novell NDPS Remote Vulnerability (Server & Client) Source: MITRE Type: CNA CVE-2006-2304 Source: MITRE Type: CNA CVE-2006-2327 Source: FULLDISC Type: UNKNOWN 20060515 Novell NDPS Remote Vulnerability (Server & Client) Source: CCN Type: SA20048 Novell Distributed Print Services Integer Overflow Vulnerability Source: CCN Type: SECTRACK ID: 1016052 Novell Client Buffer Overflow in `DPRPCW32.DLL` Lets Remote Users Execute Arbitrary Code Source: CCN Type: SECTRACK ID: 1016068 NetWare Integer Overflow in NDPS/iPrint May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch 1016068 Source: CCN Type: Novell Technical Information Document TID2973700 Security release for DPRPCNLM Source: CONFIRM Type: Patch http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm Source: CCN Type: Novell Technical Information Document TID2973719 Novell Client 4.91 Post-SP2 DPRPCW32.DLL Source: CCN Type: Hustle Labs Advisory 15-May-2006 Novell Ditributed Print Services Remote Integer Overflow Source: MISC Type: Patch, Vendor Advisory http://www.hustlelabs.com/novell_ndps_advisory.pdf Source: OSVDB Type: UNKNOWN 25433 Source: CCN Type: OSVDB ID: 25429 Novell Client for Windows DPRPC library (DPRPCW32.DLL) ndps_xdr_array Function Remote Overflow Source: CCN Type: OSVDB ID: 25433 Novell NetWare Distributed Print Services DPRPCNLM.NLM Overflow Source: BUGTRAQ Type: UNKNOWN 20060515 Novell NDPS Remote Vulnerability (Server & Client) Source: BID Type: Patch 17922 Source: CCN Type: BID-17922 Novell NetWare Distributed Print Services Integer Overflow Vulnerability Source: CCN Type: BID-17931 Novell Client Unspecified Buffer Overflow Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2006-1740 Source: XF Type: UNKNOWN novell-ndps-overflow(26314) Source: XF Type: UNKNOWN novell-ndps-overflow(26314) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||