VULHUB ™

Mars NWE is a freely available Netware emulator. It is maintained by original author Martin Stovers. A problem with the software could allow a user to gain elevated privileges. Due to the handling of format strings by the software package, it is possible for a DOS or Windows workstation attached to the emulator to generate a custom crafted request of the system that will ultimately execute the code. In the logging code of the program, improper handling of format strings make it possible to fill buffers, and overwrite variables on the stack including the return address. Due to this problem it is possible for a user with malicious intent to pass shell code to the program, which will result in execution of the code on the stack with the privileges inherited by the emulator program, normally run as root.

Mars NWE is a freely available Netware emulator. It is maintained by original author Martin Stovers. A problem with the software could allow a user to gain elevated privileges. Due to the handling of format strings by the software package, it is possible for a DOS or Windows workstation attached to the emulator to generate a custom crafted request of the system that will ultimately execute the code. In the logging code of the program, improper handling of format strings make it possible to fill buffers, and overwrite variables on the stack including the return address. Due to this problem it is possible for a user with malicious intent to pass shell code to the program, which will result in execution of the code on the stack with the privileges inherited by the emulator program, normally run as root.