1 November 2007, 13:31

Novell patches vulnerability in BorderManager 3.8 Client Trust

The Novell BorderManager 3.8 network administration software includes a Client Trust agent for network clients, in which a security vulnerability has been discovered by the Zero Day Initiative (ZDI). By default the agent listens on UDP port 3024 and accepts validation requests to this port. In the event of such a query, the client software copies a user-supplied name into a buffer until it encounters a wide char backslash or a null character. If neither of these is found, the application just keeps on copying. A buffer overflow occurs when the excess-length captured data is subsequently copied into a fixed size buffer. As a result it is possible to execute injected code. Valid credentials for the system are not required in order to exploit this vulnerability. Novell has released an update which fixes the vulnerability. Administrators should install the update as soon as possible.

Also on The H:

Share this article

Novell patches vulnerability in BorderManager 3.8 Client Trust

Also on The H:

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

Internet Toolkit

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit