From patrik.karlsson@se.pwcglobal.com Thu May  9 02:48:54 2002
From: Patrik Karlsson <patrik.karlsson@se.pwcglobal.com>
To: vulnwatch@vulnwatch.org
Date: Wed, 8 May 2002 12:09:27 +0200
Subject: [VulnWatch] cqure.net.20020412.netware_sdmr.a

    [The following text is in the "iso-8859-1" character set]
    [Your display is set for the "US-ASCII" character set]
    [Some characters may be displayed incorrectly]

cqure.net Security Vulnerability Report
No: cqure.net.20020412.netware_sdmr.a
========================================

Vulnerability Summary
---------------------
Problem:           The IPX compatibility issue Posted to BugTraq on
                   July 11, 2000 by Dimuthu Parussalla applies to
                   Netware 6.0 SP 1 as well.

Threat:            An attacker could cause the SDMR.NLM to abend
                   and in some cases reboot the server. See bid
                   1467 for more information.

Affected Software: Novell Netware 6.0 SP 1.

Solution:          Taken from Bugtraq bid 1467.
                   "IPX-Compatibility should not be enabled on
                   production servers."


Solution
--------
Disable IPX-Compatibility on production servers.

Additional Information
----------------------
Novell was contacted 20020412.

This vulnerability was found and researched by
Patrik Karlsson & Jonas Ländin
patrik.karlsson@se.pwcglobal.com
jonas.landin@ixsecurity.com

This document is also available at: http://www.cqure.net/advisories/