[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Assurent VR - Novell eDirectory Management Console Accept-Language Buffer Overflow

To: full-disclosure@xxxxxxxxxxxxxxxxx;bugtraq@xxxxxxxxxxxxxxxxx;
Subject: [Full-disclosure] Assurent VR - Novell eDirectory Management Console Accept-Language Buffer Overflow
From: VR-Subscription-noreply@xxxxxxxxxxxx
Date: Fri, 27 Feb 2009 11:58:10 -0500 (EST)

Novell eDirectory Management Console Accept-Language Buffer Overflow

Assurent ID: FSC20090226-11

1. Affected Software

  Novell eDirectory 8.8.3 prior to patch 8.8.3 FTF3
  Novell eDirectory 8.8.4 prior to patch 8.8.4 FTF1 
  Novell eDirectory 8.7.3 prior to patch 8.7.3.10b Hotfix 1 

2. Vulnerability Summary

A remotely exploitable vulnerability has been discovered in the iMonitor 
component of Novell eDirectory. Specifically, the vulnerability is due to a 
boundary error when processing incoming HTTP requests and can lead to a buffer 
overflow condition. This boundary error can allow attackers to inject and 
execute arbitrary code on the target host with System or root privileges.

3. Vulnerability Analysis

A remote unauthenticated attacker can exploit the vulnerability by sending a 
malicious HTTP request to the target system. A successful attack will result in 
a arbitrary code executed on the target host with System or root privileges. An 
unsuccessful attack can create a Denial of Service (DoS) condition for Novell 
eDirectory server.

4. Vulnerability Detection

Assurent has confirmed the vulnerability in:

  Novell eDirectory 8.8 SP3 FTF2
  Novell eDirectory 8.7.3

5. Workaround

Apply the vendor patch, or limit access to the affected communication port for 
trusted hosts and networks only.

A patch for Novell eDirectory 8.8 SP3 is available at: 
http://download.novell.com/Download?buildid=Cf15mVyA3GI~ 
A patch for eDirectory 8.7.3 and 8.8.4 are expected to be released next week. 

6. Vendor Response

Novell has released a bulletin addressing this vulnerability. 

Reference: TID 7000538

7. Disclosure Timeline

  2008-11-12 Reported to vendor
  2008-11-13 Initial vendor response
  2009-02-27 Public disclosure

8. Credits

Vulnerability Research Team, Assurent Secure Technologies, a TELUS company

9. References

  CVE: 
  Vendor: Novell - (Bug 446342)

10. About Assurent VRS

Assurent's Vulnerability Research Service (VRS) for security product vendors, 
and Threat Protection Programs (TPP) for MSPs and enterprise security teams, 
help to eliminate the significant costs incurred by security product vendors, 
MSPs, and enterprise security teams in responding to and managing critical new 
security vulnerabilities and other threats including worm & virus outbreaks and 
other malware. The VRS and TPP services are real-time feeds providing 
subscribers with detailed analysis of the top security vulnerabilities, focused 
on the specific needs of each group of customers. 

http://www.assurent.com/index.php?id=17

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Notice to all employees
Next by Date: [Full-disclosure] Full Disclosure Gmail account
Previous by thread: Re: [Full-disclosure] Apple Safari ... DoS Vulnerability
Next by thread: [Full-disclosure] Full Disclosure Gmail account
Index(es):
- Date
- Thread