Novell File Reporter Engine 'RECORD' Processing Buffer Overflow Vulnerability

Summary
This host is installed with Novell File Reporter engine and is prone to buffer overflow vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges or cause denial of service. Impact Level: System/Application
Solution
Upgrade Novell File Reporter Engine 1.0.2.53 or later, For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~
Insight
The flaw is due to a boundary error in the 'NFREngine.exe' when parsing certain tags inside a RECORD element. This can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 3035.
Affected
Novell File Reporter Engine version prior to 1.0.2.53
References