Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0192

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0192
Last Modified 20 Jul 2009 12:00:00
Published 14 Jul 2009 04:30:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0192

Summary

Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.

Vulnerable Systems

Application

  • Novell Edirectory 8.8


References

XF - edirectory-imonitor-acceptlanguage-bo(51703)

VUPEN - ADV-2009-1883

BID - 35666

BUGTRAQ - 20090714 Secunia Research: Novell eDirectory iMonitor "Accept-Language" Buffer Overflow

CONFIRM - http://www.novell.com/support/viewContent.do?externalId=3426981

MISC - http://secunia.com/secunia_research/2009-13/

SECUNIA - 34160

OSVDB - 55847


Last Updated: 27 May 2016 10:50:09