TippingPoint ZDI reports Remote Code Execution (RCE) Vulnerability in Novell Netware - ZDI-10-169
Novell classifies the bug as a Denial of Service and says they won't be issuing a patch. NetWare 6.5 is out of general support and Novell will only create fixes for issues rated "critical". DoS isn't a critical bug...yada yada.
ZDI disagrees and provides a proof of concept of RCE in rather unquie narratative format.
Hilariousness ensues.
P.S. - Are nominations for Pwnie Awards 2011's "Lamest Vendor Response" group open yet?
No comments:
Post a Comment