Novell Netware FTP Server Buffer Overflow

March 25, 2011

Novell Netware is a network operating system developed by Novell. One of the services it provides is Netware FTP Server, which supports file transfer to and from Netware volumes.

FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. Several FTP commands are available to perform different operations. The DEL/DELE command performs file deletion on the FTP server.

The syntax for the DEL/DELE command is as follows:


A stack buffer overflow vulnerability exists in Novell Netware FTP Server. The vulnerability is due to insufficient boundary checks when processing the DEL/DELE command. Remote authenticated attackers could exploit this vulnerability by connecting to a vulnerable Netware FTP Server and sending a malicious DEL/DELE command to the target server. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the FTP service. Code injection that does not result in execution would terminate the FTP session.
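The kind of boundary check whose absence the paragraph above describes, shown as an added example that is not Novell's code and not part of the original advisory. The names `parse_dele`, `match_verb` and `DELE_ARG_MAX`, and the 255-byte limit, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define DELE_ARG_MAX 255 /* assumed limit for this example, not NetWare's real buffer size */

enum dele_status { DELE_OK, DELE_NOT_DELE, DELE_NO_ARG, DELE_TOO_LONG, DELE_BAD_BYTE };

/* Return the offset of the argument if line starts with "<verb> ", else 0. */
static size_t match_verb(const char *line, size_t len, const char *verb)
{
    size_t n = strlen(verb);
    if (len <= n || line[n] != ' ') return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)line[i]) != verb[i]) return 0;
    return n + 1;
}

/* Parse one control-channel line; copy the pathname into out (capacity outsz)
 * only after its length has been checked against both limits. */
enum dele_status parse_dele(const char *line, size_t len, char *out, size_t outsz)
{
    size_t off = match_verb(line, len, "DELE");
    if (off == 0) off = match_verb(line, len, "DEL");
    if (off == 0) return DELE_NOT_DELE;

    while (len > off && (line[len - 1] == '\r' || line[len - 1] == '\n')) len--;
    size_t arglen = len - off;
    if (arglen == 0) return DELE_NO_ARG;

    /* The boundary check: reject before any byte is copied. */
    if (arglen > DELE_ARG_MAX || arglen >= outsz) return DELE_TOO_LONG;

    for (size_t i = 0; i < arglen; i++) { /* no control bytes or NULs in a pathname */
        unsigned char c = (unsigned char)line[off + i];
        if (c < 0x20 || c == 0x7f) return DELE_BAD_BYTE;
    }
    memcpy(out, line + off, arglen);
    out[arglen] = '\0';
    return DELE_OK;
}

int main(void)
{
    char path[64];
    const char *line = "DELE report.txt\r\n"; /* constructed sample input */
    return parse_dele(line, strlen(line), path, sizeof path) == DELE_OK ? 0 : 1;
}
```

An oversized argument is rejected with `DELE_TOO_LONG` and the destination buffer is left untouched, so the session can return an error reply instead of copying attacker-controlled bytes onto the stack.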

The vulnerability has been assigned CVE-2010-4228.

SonicWALL has released several IPS signatures to detect and block exploits targeting this vulnerability. The signatures are listed below:

  • 238 - DELE Command BO Attempt

  • 5541 - Generic FTP Shellcode Exploit 1
  • 2099 - Generic FTP Shellcode Exploit 2
  • 4961 - Generic FTP Shellcode Exploit 3
  • 4982 - Generic FTP Shellcode Exploit 4
  • 6367 - Generic FTP Shellcode Exploit 5