'[Full-disclosure] Assurent VR - Novell eDirectory Management'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Assurent VR - Novell eDirectory Management
From:       VR-Subscription-noreply () assurent ! com
Date:       2009-02-27 16:58:10
Message-ID: 20090227165810.2897668018E () sticky ! vrt ! telus ! com
[Download RAW message or body]

Novell eDirectory Management Console Accept-Language Buffer Overflow

Assurent ID: FSC20090226-11

1. Affected Software

  Novell eDirectory 8.8.3 prior to patch 8.8.3 FTF3
  Novell eDirectory 8.8.4 prior to patch 8.8.4 FTF1 
  Novell eDirectory 8.7.3 prior to patch 8.7.3.10b Hotfix 1 

2. Vulnerability Summary

A remotely exploitable vulnerability has been discovered in the iMonitor component of Novell \
eDirectory. Specifically, the vulnerability is due to a boundary error when processing incoming \
HTTP requests and can lead to a buffer overflow condition. This boundary error can allow \
attackers to inject and execute arbitrary code on the target host with System or root \
privileges.

3. Vulnerability Analysis

A remote unauthenticated attacker can exploit the vulnerability by sending a malicious HTTP \
request to the target system. A successful attack will result in a arbitrary code executed on \
the target host with System or root privileges. An unsuccessful attack can create a Denial of \
Service (DoS) condition for Novell eDirectory server.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

  Novell eDirectory 8.8 SP3 FTF2
  Novell eDirectory 8.7.3

5. Workaround

Apply the vendor patch, or limit access to the affected communication port for trusted hosts \
and networks only.

A patch for Novell eDirectory 8.8 SP3 is available at: \
http://download.novell.com/Download?buildid=Cf15mVyA3GI~  A patch for eDirectory 8.7.3 and \
8.8.4 are expected to be released next week. 

6. Vendor Response

Novell has released a bulletin addressing this vulnerability. 

Reference: TID 7000538

7. Disclosure Timeline

  2008-11-12 Reported to vendor
  2008-11-13 Initial vendor response
  2009-02-27 Public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE: 
  Vendor: Novell - (Bug 446342)

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat \
Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the \
significant costs incurred by security product vendors, MSPs, and enterprise security teams in \
responding to and managing critical new security vulnerabilities and other threats including \
worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds \
providing subscribers with detailed analysis of the top security vulnerabilities, focused on \
the specific needs of each group of customers. 

http://www.assurent.com/index.php?id=17



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic