CVE-2011-4191

Novell NetWare 6.5 SP8 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2011-4191. PoCs published by Francis Provencher.

AI-analyzed exploit summary This exploit targets a stack-based buffer overflow in Novell Netware's xnfs.nlm component via a malformed NLM_TEST RPC request. The PoC sends a crafted UDP packet to port 32779, exploiting the vulnerability to achieve remote code execution without authentication.

Description

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdosnetware

https://www.exploit-db.com/exploits/18351

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Novell Netware's xnfs.nlm component via a malformed NLM_TEST RPC request. The PoC sends a crafted UDP packet to port 32779, exploiting the vulnerability to achieve remote code execution without authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Novell Netware 6.5 SP8

No auth needed

Prerequisites: Network access to UDP port 32779 on the target · Vulnerable Novell Netware installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdosnetware

https://www.exploit-db.com/exploits/18328

View Code ZIP pw:eip

This exploit targets a stack-based buffer overflow in Novell Netware's XNFS.NLM component via a malformed STAT_NOTIFY RPC request. The PoC sends a crafted UDP packet to port 32778, potentially leading to remote code execution without authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Novell Netware 6.5 SP8

No auth needed

Prerequisites: Network access to UDP/TCP port 32778 on the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdosnetware

https://www.exploit-db.com/exploits/18327

View Code ZIP pw:eip

This Ruby script exploits a stack-based buffer overflow in Novell Netware's XNFS.NLM NFS RPC service (UDP port 2049) via a malformed NFS_RENAME request. The PoC sends a crafted RPC packet with an oversized filename length to trigger remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Novell Netware 6.5 SP8

No auth needed

Prerequisites: Network access to UDP port 2049 on the target · Vulnerable Novell Netware installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Issue Tracking x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=671020

Issue Tracking x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=702491

Various Sources x_refsource_confirm

http://download.novell.com/Download?buildid=Cfw1tDezgbw~

Scores

EPSS 0.1038

EPSS Percentile 95.1%

Details

CWE

CWE-119

Status published

Products (1)

novell/netware 6.5 sp8

Published Nov 30, 2011

Tracked Since Feb 18, 2026