Critical vulnerability in Novell's NetStorage
Novell is reporting a critical security vulnerability in NetStorage which can be exploited by a remote attacker to compromise a system. The vendor has not provided any details of the vulnerability, but has stated that exploiting the vulnerability to inject and execute code does not require authentication. The vulnerability is particularly unfortunate, as NetStorage is intended to provide secure access to company data from the internet, meaning that, in principle, anyone can address a vulnerable server.
NetStorage on NetWare 6.5 Support Pack 8 and Novell Open Enterprise Server 2 (OES 2) Linux Support Packs 1 and 2 are affected. According to Novell, a patch for OES2 has already been distributed via its patch channel, so fully patched systems should not be vulnerable. All other users can obtain the patch from Novell technical support.
- Potential Security Vulnerability with NetStorage, security advisory from Novell.