Novell EDirectory Multiple Stack Based Buffer Overflow Vulnerabilities Network Vulnerability

Summary

This host is running Novell eDirectory and is prone to multiple multiple stack based buffer overflow vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitrary code and deny the server. Impact Level: System/Application

Solution

Upgrade to Novell eDirectory version 8.8.1 FTF1 or 8.7.3.9 (8.7.3 SP9) For updates refer to http://www.novell.com/support/kb/doc.php?id=3723994

Insight

The flaws are due to improper validation of user-supplied input via a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function.

Affected

Novell eDirectory 8.8.x to 8.8.1, and 8.x to 8.7.3.8 (8.7.3 SP8)

References

http://secunia.com/advisories/22519
http://securitytracker.com/id?1017125
http://www.zerodayinitiative.com/advisories/ZDI-06-035/
http://www.zerodayinitiative.com/advisories/ZDI-06-036/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2006-5478
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
BlackIce DoS (ping flood)
CA Multiple Products 'arclib' Component DoS Vulnerability (Win)
EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability

Novell eDirectory Multiple Stack Based Buffer Overflow Vulnerabilities

Take action and discover your vulnerabilities