Vulnerability Details CVE-2009-5153
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.153
EPSS Ranking 94.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://bugzilla.suse.com/show_bug.cgi?id=515804
- https://download.novell.com/Download?buildid=1z3z-OsVCiE~
- https://www.zerodayinitiative.com/advisories/ZDI-09-067/
- https://bugzilla.suse.com/show_bug.cgi?id=515804
- https://download.novell.com/Download?buildid=1z3z-OsVCiE~
- https://www.zerodayinitiative.com/advisories/ZDI-09-067/
Products affected by CVE-2009-5153
-
cpe:2.3:a:microfocus:netware:2.10
-
cpe:2.3:a:microfocus:netware:2.11
-
cpe:2.3:a:microfocus:netware:2.12
-
cpe:2.3:a:microfocus:netware:2.15
-
cpe:2.3:a:microfocus:netware:2.15a
-
cpe:2.3:a:microfocus:netware:2.15b
-
cpe:2.3:a:microfocus:netware:2.15c
-
cpe:2.3:a:microfocus:netware:2.15d
-
cpe:2.3:a:microfocus:netware:2.15e
-
cpe:2.3:a:microfocus:netware:2.15f
-
cpe:2.3:a:microfocus:netware:2.2
-
cpe:2.3:a:microfocus:netware:3.0
-
cpe:2.3:a:microfocus:netware:3.10
-
cpe:2.3:a:microfocus:netware:3.11
-
cpe:2.3:a:microfocus:netware:3.12
-
cpe:2.3:a:microfocus:netware:3.2
-
cpe:2.3:a:microfocus:netware:4.0
-
cpe:2.3:a:microfocus:netware:4.01
-
cpe:2.3:a:microfocus:netware:4.02
-
cpe:2.3:a:microfocus:netware:4.11
-
cpe:2.3:a:microfocus:netware:5.0
-
cpe:2.3:a:microfocus:netware:5.1
-
cpe:2.3:a:microfocus:netware:6.0
-
cpe:2.3:a:microfocus:netware:6.5