cqure.net.20020408.netware_nwftpd.a

["Patrik Karlsson" <patrik.karlsson () se pwcglobal com>]

cqure.net Security Vulnerability Report
No: cqure.net.20020408.netware_nwftpd.a
========================================

Vulnerability Summary
---------------------
Problem:           The Netware FTP server has a DOS vulnerability.

Threat:            An attacker could cause the server cpu to spike
                   at 100% cpu hogging the server and causing a DOS,
                   preventing legitimate users access to the server.

Affected Software: Netware FTP server.

Platform:          Netware 6.0 SP 1 verified.

Solution:          Install patch from Novell as soon as it becomes
                   available.

Vulnerability Description
-------------------------
An attacker could cause the server to spike at 100% cpu, prohibiting
legitime users to access the server. This is done by connecting to the
server using netcat or telnet and simply typing an enter. Due to the
impact of this issue, it is not recommended to have unprotected ftp
servers on public networks. Since there is no patch yet, we urge you
to shutdown the ftp server or filter incoming connections as soon as
possible.

Solution
--------
Disable the ftp server or make sure only trusted people can connect
to it by filtering incoming connections.

Install patch from Novell as soon as it becomes available.

Additional Information
----------------------
Novell was contacted 20020408 but has not yet responded to the issue.

This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson () se pwcglobal com
jonas.landin () ixsecurity com

This document is also available at: http://www.cqure.net/advisories/