Executive Summary

Summary
Title : Novell NetWare NFS denial of service vulnerability
Information
Name : VU#578105
First vendor Publication : 2007-06-27
Vendor : VU-CERT
Last vendor Modification : 2007-06-27
Severity (Vendor) : N/A
Revision : M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score : 7.1
Cvss Impact Score : 6.9
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

Vulnerability Note VU#578105

Novell NetWare NFS denial of service vulnerability

Overview

The Novell NetWare NFS mount daemon contains a denial of service vulnerability.

I. Description

Network File System (NFS) is an ONC RPC-based file and print sharing protocol. Novell NetWare includes support for the NFS protocol.

From Novell Support Document 3008097:

    If an NFS client attempts a mount command against a NetWare 6.5 NFS server, and the path component of the command exceeds 508 characters, the XNFS.NLM on the NetWare server will abend, in an rpcWorkerThread. This can happen anytime XNFS.NLM is loaded, even if there is not any path currently exported.

    This makes the NetWare server vulnerable to denial-of-service attack, anytime XNFS.NLM is loaded.

    This vulnerability is not necessarily limited to NetWare 6.5 SP6. Older support packs are likely vulnerable as well.

II. Impact

A remote, unauthenticated attacker may be able to create a denial of service condition.

III. Solution

Update

Novell has released an update to address this issue. See Novell support document 5004900 for details about patch availability.

Restrict access

Restricting network access to NFS servers and clients may mitigate this vulnerability.
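
Where access cannot be fully restricted, MOUNT traffic can also be monitored for the condition Novell describes. The following is an added example, not code from CERT or Novell: it reads the dirpath length declared in an ONC RPC MOUNT MNT call and flags values above 508. It assumes the input is a UDP payload (or a TCP record with the 4-byte record mark already removed); the function names are hypothetical, and the samples are constructed and cut off after the length field, as a short-snaplen capture would be.

```python
import struct

MOUNT_PROG = 100005    # ONC RPC program number of the MOUNT protocol
MOUNTPROC_MNT = 1      # MNT procedure number
PATH_LIMIT = 508       # threshold quoted from Novell document 3008097

def mnt_dirpath_len(rpc: bytes):
    """Declared dirpath length of a MOUNT MNT call, or None if not one."""
    try:
        _xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", rpc, 0)
        if (mtype, rpcvers, prog, proc) != (0, 2, MOUNT_PROG, MOUNTPROC_MNT):
            return None
        off = 24
        for _ in range(2):  # credential, then verifier
            _flavor, body_len = struct.unpack_from(">II", rpc, off)
            off += 8 + ((body_len + 3) & ~3)  # XDR pads opaque data to 4 bytes
        (path_len,) = struct.unpack_from(">I", rpc, off)
        return path_len
    except struct.error:
        return None  # too short to reach the dirpath length field

def classify(rpc: bytes) -> str:
    """Return 'alert', 'ok', or 'not-mnt' for one captured RPC message."""
    n = mnt_dirpath_len(rpc)
    if n is None:
        return "not-mnt"
    return "alert" if n > PATH_LIMIT else "ok"

def sample_header(declared_len: int, proc: int = MOUNTPROC_MNT) -> bytes:
    """Constructed sample: call header with AUTH_NONE, cut after the length field."""
    return struct.pack(">6I", 0x1234, 0, 2, MOUNT_PROG, 3, proc) + \
        struct.pack(">5I", 0, 0, 0, 0, declared_len)

if __name__ == "__main__":
    for n in (12, 508, 509):
        print(n, classify(sample_header(n)))
```

The check uses the declared length only, so it still works on captures that do not hold the full path.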

Systems Affected

Vendor          Status        Date Updated
Novell, Inc.    Vulnerable    27-Jun-2007

References


https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5004900.html
http://www.novell.com/documentation/nfs30/admin/data/aer39lq.html
http://tools.ietf.org/html/rfc3530
http://en.wikipedia.org/wiki/Network_File_System_%28protocol%29
http://secunia.com/advisories/25697/

Credit

Thanks to Novell for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

Date Public : 06/15/2007
Date First Published : 06/27/2007 09:20:44 AM
Date Last Updated : 06/27/2007
CERT Advisory :
CVE Name : CVE-2007-3207
Metric : 3.28
Document Revision : 3

Original Source

Url : http://www.kb.cert.org/vuls/id/578105

CPE : Common Platform Enumeration

Type           Description    Count
Application                   1

Open Source Vulnerability Database (OSVDB)

Id Description
37317 Novell NetWare NFS Mount Daemon (XNFS.NLM) Mount Request Path Name Remote Ove...