Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4480

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-4480
Last Modified 07 Mar 2011 10:12:31
Published 14 Oct 2008 06:36:58
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4480

Summary

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.

Vulnerable Systems

Application

  • Novell Edirectory 8.7.3

  • Novell Edirectory 8.7.3.10

  • Novell Edirectory 8.7.3.8

  • Novell Edirectory 8.7.3.8 Presp9

  • Novell Edirectory 8.7.3.9

  • Novell Edirectory 8.8

  • Novell Edirectory 8.8.1

  • Novell Edirectory 8.8.2


References

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

CONFIRM - http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-066/

VUPEN - ADV-2008-2738

SECTRACK - 1020990

BUGTRAQ - 20081008 ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=3477912

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=3426981

CONFIRM - http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

SREASON - 4404

SECUNIA - 32111


Last Updated: 27 May 2016 10:48:30