Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4479

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4479
Last Modified 07 Mar 2011 10:12:31
Published 14 Oct 2008 06:36:58
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4479

Summary

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

Vulnerable Systems

Application

  • Novell Edirectory 8.7.3

  • Novell Edirectory 8.7.3.10

  • Novell Edirectory 8.7.3.8

  • Novell Edirectory 8.7.3.8 Presp9

  • Novell Edirectory 8.7.3.9

  • Novell Edirectory 8.8

  • Novell Edirectory 8.8.1

  • Novell Edirectory 8.8.2


References

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-064

VUPEN - ADV-2008-2738

SECTRACK - 1020989

BUGTRAQ - 20081008 ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability

CONFIRM - http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

SREASON - 4405

SECUNIA - 32111


Last Updated: 27 May 2016 10:48:30