CVE-2010-4227

Novell Netware < 6.5 SP8 - Remote Code Execution via Crafted NFS RPC Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4227. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit sends a malformed UDP packet to a NetWare server's MOUNT service (RPC program 10005) to trigger a denial-of-service condition. The payload is a crafted RPC call with a NULL verifier, causing the service to crash.

Description

The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Francis Provencher · rubydosnetware

https://www.exploit-db.com/exploits/16234

View Code ZIP pw:eip

This exploit sends a malformed UDP packet to a NetWare server's MOUNT service (RPC program 10005) to trigger a denial-of-service condition. The payload is a crafted RPC call with a NULL verifier, causing the service to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Novell NetWare (MOUNT service)

No auth needed

Prerequisites: Network access to the target server · UDP port 1234 (or specified port) accessible

MITRE ATT&CK