Novell eDirectory multiple security vulnerabilities
Published:		09.10.2008
Source:		BUGTRAQ
SecurityVulns ID:		9347
Type:		remote
Level:		7/10
Description:		Multiple buffer overflows on TCP/8028 and TCP/8028 traffic parsing.

CVE:		CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.)
		CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.)
		CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.)

Original document		ZDI, ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability (09.10.2008)
		ZDI, ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability (09.10.2008)
		ZDI, ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability (09.10.2008)
		ZDI, ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability (09.10.2008)

Discuss:

Read or add your comments to this news (0 comments)