NetWare HTTP Vulnerabilities
Created 11/25/02
CAN 2002-1436
CAN 2002-1437
CAN 2002-1438
Impact
A remote attacker could execute arbitrary commands on the
server.
Background
The NetWare Enterprise Web Server
is included in various NetWare operating systems.
The Problem
The NetWare Enterprise Web Server comes with a PERL handler
which will execute PERL commands in the HTTP POST data.
Thus a remote attacker can execute arbitrary commands by
submitting them within an HTTP POST request.
NetWare 5.1 and 6.0 with PERL version 5.003 are affected by
this vulnerability. Systems using PERL 5.6 are not affected.
Resolutions
Apply the patch referenced in
Novell
Technical Information Document 2963307.
Where can I read more about this?
More information is available in
Novell
Technical Information Document 2963307 and
Bugtraq ID 5520.