In association with heise online

09 February 2010, 12:15

Critical vulnerability in Novell's NetStorage

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell Logo Novell is reporting a critical security vulnerability in NetStorage which can be exploited by a remote attacker to compromise a system. The vendor has not provided any details of the vulnerability, but has stated that exploiting the vulnerability to inject and execute code does not require authentication. The vulnerability is particularly unfortunate, as NetStorage is intended to provide secure access to company data from the internet, meaning that, in principle, anyone can address a vulnerable server.

NetStorage on NetWare 6.5 Support Pack 8 and Novell Open Enterprise Server 2 (OES 2) Linux Support Packs 1 and 2 are affected. According to Novell, a patch for OES2 has already been distributed via its patch channel, so fully patched systems should not be vulnerable. All other users can obtain the patch from Novell technical support.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit