PT-2009-3441 · Linux+2

Published: 2009-03-09 · Updated: 2024-05-17 · CVE-2009-0849

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NovaStor NovaNET version 12

Description

A stack-based buffer overflow in the DtbClsLogin function allows remote attackers to execute arbitrary code on Linux platforms or cause a denial of service on Windows platforms via a long username field during backup domain authentication. The issue is related to the libnnlindtb.so file on Linux and the nnwindtb.dll file on Windows.

Recommendations

For NovaStor NovaNET version 12, consider restricting the length of the username field during backup domain authentication to prevent exploitation. As a temporary workaround, consider disabling the DtbClsLogin function until a patch is available. Restrict access to the libnnlindtb.so file on Linux and the nnwindtb.dll file on Windows to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2009-0849

Affected Products

Linux
Novastor Novanet
Windows