CVE-2006-2304
Last modified
CVE-2006-2304 is a vulnerability of currently unknown severity. Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow. EPSS estimates an 8.25% chance of exploitation in the next 30 days.
Description
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Novell | Client | 4.83 | SP3 |
| Novell | Client | 4.90 | SP2 |
| Novell | Client | 4.91 | SP2 |
References
- http://secunia.com/advisories/20048 (Vendor Advisory)
- http://www.hustlelabs.com/novell_ndps_advisory.pdf (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
