Firm warns of NetWare security hole

IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of a vulnerability in the operating system that makes it subject to intrusions that could cause the system to crash., an IT security firm, reported Thursday that NetWare 5.1 and 6 are vulnerable to a buffer overflow condition that could affect server operation.

Both operating systems can be attacked through the NetWare 6 Remote Manager utility, also called the Portal NLM (NetWare Loadable Module), a Web-based server management interface.

With scripts or just the correct combination of keystrokes, intruders could cause servers to crash or abend (Abnormal End), or they could execute code on the server.

IXSecurity claims it notified Novell Inc. last month about the problem and Novell failed to respond. IXSecurity suggests that users disable the NetWare Remote Manager NLM called HTTPSTK.NLM until Novell issues a patch.

The vulnerability occurs when an intruder enters a username or password that is too long when prompted by the NetWare Remote Manager utility.

Novell indicates it will have a patch for this vulnerability as soon as Friday. The patch, which should be applied to all NetWare 5.1 and 6 servers, can be downloaded from the technical patch site, located at The patch will also be added into the next Novell support pack.