CVE-2010-0317

Novell Netware 6.5 SP8 - Denial of Service via Malformed CIFS or AFP Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0317. PoCs published by Francis Provencher.

AI-analyzed exploit summary This Perl script exploits a memory consumption vulnerability in Novell Netware CIFS and AFP services by sending randomly generated strings to the target, causing a denial of service. It continuously sends data to the target port 548, overwhelming the system's memory.

Description

Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · perldosmultiple

https://www.exploit-db.com/exploits/11009

View Code ZIP pw:eip

This Perl script exploits a memory consumption vulnerability in Novell Netware CIFS and AFP services by sending randomly generated strings to the target, causing a denial of service. It continuously sends data to the target port 548, overwhelming the system's memory.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Novell Netware 6.5 SP8

No auth needed

Prerequisites: Network access to the target system · Target running Novell Netware 6.5 SP8 with CIFS or AFP services exposed

MITRE ATT&CK