Test Kennung:	1.3.6.1.4.1.25623.1.0.801959
Kategorie:	Buffer overflow
Titel:	Novell File Reporter Engine 'RECORD' Processing Buffer Overflow Vulnerability
Zusammenfassung:	This host is installed with Novell File Reporter engine and is; prone to buffer overflow vulnerability.
Beschreibung:	Summary: This host is installed with Novell File Reporter engine and is prone to buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error in the 'NFREngine.exe' when parsing certain tags inside a RECORD element. This can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 3035. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges or cause denial of service. Affected Software/OS: Novell File Reporter Engine version prior to 1.0.2.53 Solution: Upgrade Novell File Reporter Engine 1.0.2.53 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2220 Bugtraq: 20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/518632/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-227 http://securitytracker.com/id?1025722 http://secunia.com/advisories/45065 http://securityreason.com/securityalert/8305
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.