Novell

This is Your Open EnterpriseTM

XNFS.NLM - abend fix for mount request overflow

This document (5004900) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
xnfs3a.exeNetWare 6.5ObsoletePost-6.5-SP3 fixes for XNFS (NFS Server)

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: Yes
Priority: Mandatory
Distribution Type: Public
http://download.novell.com/Download?buildid=8XdJVBDYifk~

document

Revision: 9
Document ID: 5004900
Creation Date: 2007-06-13 16:04:58
Modified Date: 2008-05-13 17:17:11

abstract

This download contains an updated NFS Server (XNFS.NLM) for NetWare 6.5. This corrects a vulnerability in the NetWare NFS mount daemon, where a buffer overflow could occur upon receiving a mount request, causing an abend.

details

System Requirements:

It is highly recommended that the NetWare 6.5 server be updated to Support Pack 6 before applying this patch. Novell has not tested this patch with previous support packs.

Installation:

1. Rename (or save elsewhere) the existing SYS:SYSTEM\XNFS.NLM
2. Copy the enclosed XNFS.NLM to SYS:SYSTEM.
3. From the server console, UNLOAD XNFS.NLM (this could interrupt NFS operations, though if XNFS is only unloaded briefly, NFS clients should recover automatically).
4. LOAD XNFS.NLM

Uninstalling:

If the previous XNFS.NLM was saved in step #1 above, simply return it to it's normal name / location and then UNLOAD and LOAD XNFS.NLM.

Technical Support Information:

This fix is also tentatively expected to be in NetWare 6.5 SP7, when that is released.

security fixes

CVE-2007-3207

XNFS.NLM is vulnerable to abend in rpcWorkerThreadxx, due to buffer overflow, upon receiving a mount request.

file contents

Compressed File Name: xnfs6a.zip

Files IncludedSizeDate
readme_5004900.htmlN/A2008-05-13 17:17:11

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.