List: full-disclosure
Subject: [Full-disclosure] Assurent VR - Novell eDirectory Management
From: VR-Subscription-noreply () assurent ! com
Date: 2009-02-27 16:58:10
Message-ID: 20090227165810.2897668018E () sticky ! vrt ! telus ! com
Novell eDirectory Management Console Accept-Language Buffer Overflow
Assurent ID: FSC20090226-11
1. Affected Software
Novell eDirectory 8.8.3 prior to patch 8.8.3 FTF3
Novell eDirectory 8.8.4 prior to patch 8.8.4 FTF1
Novell eDirectory 8.7.3 prior to patch 8.7.3.10b Hotfix 1
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in the iMonitor component of Novell eDirectory. Specifically, the vulnerability is due to a boundary error when processing the Accept-Language header of incoming HTTP requests, which can lead to a buffer overflow condition. This boundary error can allow attackers to inject and execute arbitrary code on the target host with System or root privileges.
3. Vulnerability Analysis
A remote unauthenticated attacker can exploit the vulnerability by sending a malicious HTTP request to the target system. A successful attack will result in arbitrary code being executed on the target host with System or root privileges. An unsuccessful attack can create a Denial of Service (DoS) condition for the Novell eDirectory server.
4. Vulnerability Detection
Assurent has confirmed the vulnerability in:
Novell eDirectory 8.8 SP3 FTF2
Novell eDirectory 8.7.3
5. Workaround
Apply the vendor patch, or limit access to the affected communication port to trusted hosts and networks only.
A patch for Novell eDirectory 8.8 SP3 is available at: http://download.novell.com/Download?buildid=Cf15mVyA3GI~
Patches for eDirectory 8.7.3 and 8.8.4 are expected to be released next week.
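Until the patch is applied, a defender can at least alert on or drop requests that carry an abnormal Accept-Language header before they reach iMonitor. The filter below is an added example written for this advisory, not Assurent's or Novell's code; the 256-byte cap and the sample requests are assumptions, since the advisory gives no safe length.

```python
"""Added example: flag HTTP requests whose Accept-Language header is overlong
or malformed, the field the advisory names as the iMonitor overflow trigger."""
import re
from typing import Optional

# Assumption: the advisory gives no safe length; 256 bytes is an operator-chosen
# cap, far above any legitimate list of language tags.
MAX_ACCEPT_LANGUAGE_LEN = 256

# One Accept-Language element: "*" or a language tag, with an optional q-value,
# e.g. "en-US", "en;q=0.8", "*;q=0.1".
_LANG_ELEMENT = re.compile(
    r"^(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)(?:\s*;\s*q=\d(?:\.\d{1,3})?)?$"
)


def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP request into a lowercase-keyed dict.
    The request line is skipped and only the first occurrence of a header is kept."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), value.strip())
    return headers


def accept_language_verdict(raw: bytes) -> Optional[str]:
    """Return None if the request looks benign, otherwise a short reason
    explaining why it should be dropped or alerted on."""
    value = parse_headers(raw).get("accept-language")
    if value is None:
        return None
    if len(value) > MAX_ACCEPT_LANGUAGE_LEN:
        return f"accept-language too long ({len(value)} > {MAX_ACCEPT_LANGUAGE_LEN})"
    for element in value.split(","):
        if not _LANG_ELEMENT.match(element.strip()):
            return f"malformed accept-language element: {element.strip()[:32]!r}"
    return None


# Constructed sample requests (not captured traffic); the host name is made up.
BENIGN = (b"GET /nds HTTP/1.1\r\nHost: edir.example.internal\r\n"
          b"Accept-Language: en-US,en;q=0.8,de;q=0.5\r\n\r\n")
# A legitimate tag repeated until the header far exceeds the cap.
OVERLONG = (b"GET /nds HTTP/1.1\r\nHost: edir.example.internal\r\n"
            b"Accept-Language: " + b",".join([b"en-US"] * 200) + b"\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, "->", accept_language_verdict(req) or "ok")
```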
6. Vendor Response
Novell has released a bulletin addressing this vulnerability.
Reference: TID 7000538
7. Disclosure Timeline
2008-11-12 Reported to vendor
2008-11-13 Initial vendor response
2009-02-27 Public disclosure
8. Credits
Vulnerability Research Team, Assurent Secure Technologies, a TELUS company
9. References
CVE:
Vendor: Novell - (Bug 446342)
10. About Assurent VRS
Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs, and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats, including worm and virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.
http://www.assurent.com/index.php?id=17