Thursday, September 2, 2010

Security Advisory for NetWare 6.5 OpenSSH (“On Exploitability”)

TippingPoint ZDI reports Remote Code Execution (RCE) Vulnerability in Novell Netware - ZDI-10-169

Novell classifies the bug as a Denial of Service and says they won't be issuing a patch. NetWare 6.5 is out of general support and Novell will only create fixes for issues rated "critical". DoS isn't a critical bug...yada yada.

ZDI disagrees and provides a proof of concept of RCE in rather unquie narratative format.

Hilariousness ensues.

P.S. - Are nominations for Pwnie Awards 2011's "Lamest Vendor Response" group open yet?

No comments:

Post a Comment