CVE-2011-1710

Name of the Vulnerable Software and Affected Versions novell-xtier-base versions 3.1.8 novell-novfsd (affected versions not specified)

Description The issue affects the Novell XTier framework and novell-novfsd package in SUSE Linux Enterprise, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Specifically, multiple integer overflows in the HTTP server of the Novell XTier framework allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted header length variables, such as header length variables.

Recommendations For novell-xtier-base version 3.1.8, consider updating to a version that fixes the integer overflows in the HTTP server. For novell-novfsd, at the moment, there is no information about a newer version that contains a fix for this vulnerability.