[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
- To: "zdi-disclosures@xxxxxxxx" <zdi-disclosures@xxxxxxxx>
- Subject: Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
- From: "Matt Richard" <matt.richard@xxxxxxxxx>
- Date: Fri, 27 Oct 2006 23:35:35 -0400
On 10/27/06, zdi-disclosures@xxxxxxxx <zdi-disclosures@xxxxxxxx> wrote:
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability since October 26, 2006 by Digital Vaccine protection
> filter ID 4519. For further product information on the TippingPoint IPS:
<snip>
> The specific flaw exists within the httpstk.dll library within the
> dhost.exe web interface of the eDirectory Host Environment. The web
> interface does not validate the length of the HTTP Host header prior to
> using the value of that header in an HTTP redirect. This results in an
> exploitable stack-based buffer overflow.
This 0day was reported on 10/20/06 here
http://www.mnin.org/advisories/2006_novell_httpstk.pdf.
Seems that your initiative has fallen a bit behind. Your customers
had to wait for you to realize this had already been released and a
signature was added to Bleeding Snort on 10/23.
It's also a bit odd that Novell released the updates on 10/20/06, the
same day as the MNIN advisory.
Based on the time line it looks like the whole thing might have been
ripped off.....
Cheers,
Matt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/