CVE-2005-2852

Novell Netware 6.5 SP2/SP3, 5.1, 6.0 - Denial of Service via Incorrect CIFS Password Length

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2852. PoCs were published by Metasploit and toto, including the Metasploit module exploits/netware/smb/lsass_cifs.

AI-analyzed exploit summary: This exploit targets a stack buffer overflow in the Novell NetWare CIFS.NLM driver (CVE-2005-2852) via a malformed DCERPC request. It leverages a vulnerable function call to execute arbitrary payloads in kernel space, potentially causing system instability or crashes.

Description

Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · netware
https://www.exploit-db.com/exploits/16832

This exploit targets a stack buffer overflow in the Novell NetWare CIFS.NLM driver (CVE-2005-2852) via a malformed DCERPC request. It leverages a vulnerable function call to execute arbitrary payloads in kernel space, potentially causing system instability or crashes.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Novell NetWare 6.5 (various SP versions)
Auth required
Prerequisites: Network access to target · Valid SMB credentials · DCERPC/SMB access
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC NORMAL
by toto · ruby · poc · netware
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/netware/smb/lsass_cifs.rb

This Metasploit module exploits a stack buffer overflow in the NetWare CIFS.NLM driver (CVE-2005-2852) via a maliciously crafted DCERPC call to achieve remote code execution. The exploit targets multiple NetWare 6.5 service packs and uses a push-esp-ret technique to redirect execution to the payload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Novell NetWare 6.5 (various service packs)
Auth required
Prerequisites: Network access to target · Valid SMB credentials · DCERPC access to the LSARPC pipe
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Patch, Vendor Advisory x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971832.htm
Patch, Vendor Advisory x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971821.htm
Patch, Vendor Advisory x_refsource_confirm
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971822.htm

Scores

EPSS 0.3956
EPSS Percentile 98.4%

Details

Status published
Products (3)
novell/netware 5.1
novell/netware 6.0
novell/netware 6.5 sp2 (2 CPE variants)
Published Sep 08, 2005
Tracked Since Feb 18, 2026