Novell

This is Your Open EnterpriseTM

FTP for NW65SP8, security fix

This document (5089510) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
nwftpd16.zipNetWare 6.5 SP8ObsoleteFTP for NW65SP8, abend fixes

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86
Security patch: Yes
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=Ax6AbxwGLTs~

document

Revision: 4
Document ID: 5089510
Creation Date: 2011-03-14 12:17:33
Modified Date: 2011-11-01 16:43:35

abstract

NWFTPD17.ZIP contains NWFTPD.NLM v5.10.02, March 9, 2011, which corrects abends which can occur when FTP clients (either authenticated or anonymous) submit lengthy commands, which overflow NWFTPD's command buffer, causing stack corruption. It also contains an updated CALNLM32.NLM (one of the "xplat" modules) also necessary to correct some of these abends.

details

Overview:

NWFTPD.NLM v5.10.02, March 29, 2011, corrects abends which can occur when FTP clients (either authenticated or anonymous) submit lengthy commands, which overflow NWFTPD's command buffer, causing stack corruption.

System Requirements:

NetWare 6.5 SP8 is required. It is the only Support Pack on which this update is officially tested and supported. NetWare FTP Server must previously have been installed from the NetWare CD, to supply other FTP components.


Installation:

1. If you wish to retain the older files:
a. Save or rename the existing SYS:SYSTEM\NWFTPD.NLM to NWFTPD.SP8 (or other desired name)
b. Save or rename the existing SYS:SYSTEM\CALNLN32.NLM to CALNLM32.SP8 (or other desired name).

2. Copy NWFTPD.NLM and CALNLM32.NLM supplied by this download into SYS:SYSTEM.

3. Reboot. (For clusters, each node which can run NWFTPD will need these updates and will need to be rebooted).


Uninstalling:

If the old files were saved / renamed in step 1, an 'uninstall' can be accomplished by deleting the new NWFTPD.NLM and CALNLM32.NLM, and returning the old files to their original name and location. Then reboot.


Technical Support Information:

Bugzilla 641249:
FTP clients submitting excessively long commands could corrupt NWFTPD's stack and lead to abends. This has been corrected.

This update also contains all previously released NWFTPD fixes, most notably the other FTP fixes to occur after NetWare 6.5 SP8:
- Similar stack overflow fixes from NWFTPD16.ZIP (Bugzilla 568496).
- Cluster related improvements from NWFTPD15.ZIP (Bugzilla 524729).
During rapid cluster resource migration from one node to another,
it was possible that the method for NWFTPD to unload itself might
not completely finish its tasks. This could lead to cases where the
resource would come up on the new node, but then immediately
unload NWFTPD.

For more details, including a full history of NWFTPD.NLM changes, see TID 3238588.

security fixes

CVE-2010-4228

FTP clients, either authenticated or anonymous, can abend a NetWare FTP server by submitting certain lengthy commands. The commands overflow the FTP command buffer and corrupt the stack. Corruption of the stack can cause invalid data to be used or invalid code pointers to be set. This can result in execution attempts of non-code or code at arbitrary locations in memory. When this occurs, the individual NWFTPD session's thread will typically abend.

The abend is usually recoverable; other NWFTPD threads are usually not effected; new FTP sessions can still be established. In some cases, however, the server may abend severely enough that services are effected and the system needs to be rebooted.

This vulnerability was reported to Novell by:
* Francis Provencher of PROTEK RESEARCH LABS, through TippingPoint's Zero Day Initiative. (ZDI-CAN-940)


CVE-2010-0625 [previously released CVE / fix, carried into this patch]

This CVE has the same description as CVE-2010-4228. However, it resulted in fixes to different code paths. This CVE was reported to Novell by:
* Francis Provencher of PROTEK RESEARCH LABS
* Nick DeBaggis through TippingPoint's Zero Day Initiative. (ZDI-CAN-383)

change log

March 14 2011 5:09pm Corrected a typo. Added ZDI numbers to the security info.
Nov 1 2011 2:10pm Moved patch from Field Test to Public

file contents

Compressed File Name: nwftpd17.zip

Files IncludedSizeDate
readme_5089510.htmlN/A2011-11-01 16:43:36

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.