Info

Disclosure

May 08, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when PORTAL.NLM function groupOperationsMethod() fails, which will write the username and password in cleartext to the abend.log file, resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch httpstk5.exe to address this vulnerability.

Products

Novell, Inc.

Novell NetWare

6.5 SP5

References

Security Tracker: 1016106
Bugtraq ID: 18017
CVE ID: 2006-2185 (see also: NVD)
SCIP VulDB ID: 2266
ISS X-Force ID: 26488
VUPEN Advisory: ADV-2006-1829
Vendor Specific News/Changelog Entry: http://support.novell.com/cgi-bin/search/searchtid.cgi?2973698.htm
Secunia Advisory ID: SA20288
Keyword: TID2973698

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/25780