CVE-2010-0625 in NetWareinfo

Summary

by MITRE

Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 05/05/2026

The vulnerability identified as CVE-2010-0625 represents a critical stack-based buffer overflow in the NWFTPD.nlm module of Novell NetWare operating systems ranging from version 5.1 through 6.5 Service Pack 8. This flaw specifically affects the FTP server component that handles file management operations through four distinct command types including MKD for making directories, RMD for removing directories, RNFR for renaming files, and DELE for deleting files. The vulnerability exists in the handling of user-supplied input within these commands, creating a potential pathway for malicious exploitation that could lead to system compromise or denial of service conditions.

The technical nature of this vulnerability stems from improper bounds checking within the FTP server's command processing logic. When authenticated users submit commands containing excessively long parameter strings, the application fails to validate the input length against the allocated stack buffer space. This allows attackers to overwrite adjacent memory locations on the stack, potentially corrupting program execution flow and creating opportunities for arbitrary code execution. The vulnerability is classified under CWE-121 as a stack-based buffer overflow, which occurs when data written to a stack buffer exceeds the buffer's allocated size. The flaw demonstrates characteristics of a classic buffer overflow attack vector that can be exploited through the network protocol interface.

The operational impact of this vulnerability extends beyond simple denial of service conditions to encompass potential system compromise and unauthorized code execution. Remote authenticated users who can establish connections to the FTP service can leverage this vulnerability to either crash the daemon process, effectively causing a denial of service that disrupts legitimate file transfer operations, or more critically, execute arbitrary code with the privileges of the FTP service account. This could enable attackers to gain unauthorized access to sensitive data, escalate privileges within the system, or establish persistent access points. The vulnerability affects the entire Novell NetWare ecosystem across multiple versions, making it particularly concerning for organizations maintaining legacy infrastructure.

Organizations affected by this vulnerability should prioritize immediate remediation through official Novell patches and updates to bring their NetWare systems to version 5.10.01 or later where the buffer overflow has been addressed. System administrators should also implement network segmentation and access controls to limit exposure of FTP services to trusted networks only. Additionally, monitoring for suspicious FTP command patterns and implementing intrusion detection systems can help identify exploitation attempts. The mitigation strategy aligns with ATT&CK technique T1203 which covers exploitation for execution, and T1499 which addresses network denial of service. Regular security assessments and vulnerability scanning should be conducted to identify similar buffer overflow conditions in other legacy applications and services that may present similar attack vectors.

Reservation

02/11/2010

Disclosure

04/05/2010

Moderation

accepted

Entry

VDB-52585

CPE

ready

Exploit

Download

EPSS

0.05089

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!