ID de Prueba:	1.3.6.1.4.1.25623.1.0.801959
Categoría:	Buffer overflow
Título:	Novell File Reporter Engine 'RECORD' Processing Buffer Overflow Vulnerability
Resumen:	Novell File Reporter engine is prone to a buffer overflow vulnerability.
Descripción:	Summary: Novell File Reporter engine is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error in the 'NFREngine.exe' when parsing certain tags inside a RECORD element. This can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 3035. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges or cause denial of service. Affected Software/OS: Novell File Reporter Engine version prior to 1.0.2.53 Solution: Upgrade Novell File Reporter Engine 1.0.2.53 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2220 Bugtraq: 20110627 ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/518632/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-227 http://securitytracker.com/id?1025722 http://secunia.com/advisories/45065 http://securityreason.com/securityalert/8305
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.