Firm warns of NetWare security hole

IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of a vulnerability in the operating system that makes it subject to intrusions that could cause the system to crash., an IT security firm, reported Thursday that NetWare 5.1 and 6 are vulnerable to a buffer overflow condition that could affect server operation.

Both operating systems can be attacked through the NetWare 6 Remote Manager utility, also called the Portal NLM (NetWare Loadable Module), a Web-based server management interface.

With scripts or just the correct combination of keystrokes, intruders could cause servers to crash or abend (Abnormal End), or they could execute code on the server.

IXSecurity claims it notified Novell Inc. last month about the problem and Novell failed to respond. IXSecurity suggests that users disable the NetWare Remote Manager NLM called HTTPSTK.NLM until Novell issues a patch.

The vulnerability occurs when an intruder enters a username or password that is too long when prompted by the NetWare Remote Manager utility.

Novell indicates it will have a patch for this vulnerability as soon as Friday. The patch, which should be applied to all NetWare 5.1 and 6 servers, can be downloaded from the technical patch site, located at The patch will also be added into the next Novell support pack.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.