Short Name | APP:NOVELL:ZENWORKS-CONTENT-LEN |
---|---|
Severity | Major |
Recommended | No |
Recommended Action | Drop |
Category | APP |
Keywords | Novell ZENworks Malformed Content Length |
Release Date | 2006/02/22 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects attempts to exploit a known vulnerability in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9. Attackers can send an HTTP POST request with a negative Content-Length parameter; a successful attack can cause a heap-based buffer overflow and allow arbitrary code execution.

Novell Remote Manager (novell-nrm) is prone to a remotely exploitable heap overflow vulnerability. This issue may be triggered by a malicious HTTP request header. Successful exploitation will allow for arbitrary code execution in the context of the application. Novell Remote Manager ships with the SuSE Open Enterprise Server only.