PT-2006-3269 · Novell · Novell Client+1

Published: 2006-05-11 · Updated: 2018-10-18 · CVE-2006-2304

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell Client versions 4.83 SP3, 4.90 SP2, 4.91 SP2

Description

The issue is caused by multiple integer overflows in the DPRPC library, specifically in the ndps_xdr_array function. They are triggered when an XDR-encoded array with a field specifying a large number of elements is processed, allowing remote attackers to execute arbitrary code. Novell initially reported this as a buffer overflow, but the root cause was later determined to be an integer overflow.

Recommendations

For Novell Client versions 4.83 SP3, 4.90 SP2 and 4.91 SP2, update to a version that fixes the integer overflows in the DPRPC library.
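
The class of bug named in the description, shown as an added example that is not Novell's code and not part of the original entry: an XDR-style array decoder where the unchecked 32-bit size product wraps, beside a version that bounds the element count before allocating. The function names, the 1024-element limit and the sample messages are assumptions constructed for illustration, and the decoder assumes fixed-size elements.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Read one big-endian 32-bit XDR unsigned integer. */
static uint32_t xdr_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked pattern: the byte count is a 32-bit product, so it wraps. */
uint32_t size_unchecked(uint32_t count, uint32_t elsize) { return count * elsize; }

/* Hardened decode of <count><elements>; returns 0, or -1 if rejected.
 * max_count is a hypothetical per-field limit chosen by the caller. */
int decode_array(const unsigned char *msg, size_t len, uint32_t elsize,
                 uint32_t max_count, unsigned char **out, uint32_t *n)
{
    if (len < 4 || elsize == 0)
        return -1;
    uint32_t count = xdr_u32(msg);
    if (count > max_count || count > (len - 4) / elsize)
        return -1;                           /* over limit or data missing */
    size_t bytes = (size_t)count * elsize;   /* <= len - 4, cannot wrap */
    *out = malloc(bytes ? bytes : 1);
    if (*out == NULL)
        return -1;
    memcpy(*out, msg + 4, bytes);
    *n = count;
    return 0;
}

/* Constructed inputs: a count of 0x40000001 with no data, and a valid array. */
const unsigned char MSG_HUGE[]  = { 0x40, 0x00, 0x00, 0x01 };
const unsigned char MSG_VALID[] = { 0,0,0,2, 0,0,0,7, 0,0,0,9 };

/* Decode 4-byte elements; returns the element count, or -1 if rejected. */
int try_decode(const unsigned char *msg, size_t len)
{
    unsigned char *out = NULL; uint32_t n = 0;
    if (decode_array(msg, len, 4, 1024, &out, &n) != 0)
        return -1;
    free(out);
    return (int)n;
}

int main(void) { return try_decode(MSG_VALID, sizeof MSG_VALID) == 2 ? 0 : 1; }
```

With the unchecked product, a count of 0x40000001 and 4-byte elements yields an allocation size of 4 bytes, which is why the element count has to be bounded before any size arithmetic.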

Related Identifiers

CVE-2006-2304

Affected Products

Dprpc Library
Novell Client