CVE-2007-6734 in NetWareinfo

Summary

by MITRE

NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Analysis

by VulDB Data Team • 05/04/2026

The vulnerability described in CVE-2007-6734 represents a significant access control flaw within the NWFTPD.nlm FTP server component of Novell NetWare 6.5 SP7. This issue specifically targets the implementation of the FTPREST.TXT NOREMOTE restriction mechanism, which is designed to prevent unauthorized directory traversal and access to system resources beyond the intended scope. The vulnerability affects versions prior to 5.08.07 of the NWFTPD.nlm module, indicating that this was a known issue that required a specific patch release to address. The flaw enables authenticated remote attackers to bypass the intended security boundaries that should restrict file access to their designated home directories, creating a potential pathway for information disclosure and unauthorized system access.

The technical implementation of this vulnerability stems from the improper enforcement of the FTPREST.TXT NOREMOTE restriction within the NetWare FTP server. This restriction is intended to prevent remote users from accessing files and directories outside their home server context, effectively creating a sandboxed environment for FTP operations. However, the flaw allows attackers to exploit unspecified vectors that circumvent these security controls, potentially enabling directory traversal attacks that could lead to access of sensitive system files, configuration data, or other restricted resources. The vulnerability is particularly concerning because it operates at the protocol level within the FTP server implementation, affecting the fundamental security model of the NetWare file transfer service.

From an operational impact perspective, this vulnerability creates substantial risk for organizations running Novell NetWare 6.5 SP7 systems with FTP services enabled. Remote authenticated users can potentially access directories beyond their intended scope, which may include sensitive system configuration files, user data, or administrative resources. The implications extend beyond simple data access, as this could enable attackers to gather intelligence about the system, potentially leading to further exploitation opportunities. The vulnerability affects the core FTP functionality of the NetWare server, meaning that any organization relying on FTP services for file transfers or remote access operations would be exposed to this risk. This type of access control bypass can facilitate more sophisticated attacks, including privilege escalation or data exfiltration.

The security implications of CVE-2007-6734 align with CWE-22, which describes improper limitation of a pathname to a restricted directory, commonly known as directory traversal. This classification indicates that the vulnerability represents a classic path traversal issue where the system fails to properly validate or sanitize file paths, allowing attackers to navigate beyond intended access boundaries. From an ATT&CK framework perspective, this vulnerability maps to techniques involving privilege escalation and credential access, as attackers can potentially gain access to resources they should not be authorized to reach. The vulnerability also relates to defense evasion techniques, as it undermines the built-in security controls designed to protect system integrity. Organizations should implement immediate mitigations including applying the available patch for NWFTPD.nlm version 5.08.07, reviewing and restricting FTP user permissions, and monitoring for unauthorized access attempts. Additionally, network segmentation and firewall rules should be configured to limit access to FTP services, and regular security audits should verify that proper access controls are in place to prevent similar issues in other network services.

Reservation

04/05/2010

Disclosure

04/05/2010

Moderation

accepted

Entry

VDB-52571

CPE

ready

EPSS

0.01385

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!