CVE-2006-2304
Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 - Remote Code Execution via XDR Encoded Array Integer Overflow
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.
References (10)
http://securitytracker.com/id?1016052 (Patch; vdb-entry; x_refsource_sectrack)
http://secunia.com/advisories/20048 (Vendor Advisory; third-party-advisory; x_refsource_secunia)
http://www.vupen.com/english/advisories/2006/1759 (Third Party Advisory; vdb-entry; x_refsource_vupen)
http://www.hustlelabs.com/novell_ndps_advisory.pdf (Patch, Vendor Advisory; x_refsource_misc)
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html (Mailing List; mailing-list; x_refsource_fulldisc)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26314 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm (Patch; x_refsource_confirm)
http://www.securityfocus.com/bid/17931 (Patch; vdb-entry; x_refsource_bid)
http://www.securityfocus.com/archive/1/434017/100/0/threaded (Third Party Advisory, VDB Entry; mailing-list; x_refsource_bugtraq)
http://www.osvdb.org/25429 (Third Party Advisory, VDB Entry; vdb-entry; x_refsource_osvdb)
Scores
EPSS: 0.0931
EPSS Percentile: 92.9%
Details
Status: published
Products (3)
novell/client 4.83 sp3
novell/client 4.90 sp2
novell/client 4.91 sp2
Published: May 11, 2006
Tracked Since: Feb 18, 2026