[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability



Product: 

Novell eDirectory 8.8 SP5 for Windows

Vulnerability Type: 

Buffer Overflow

Attack Vector: 

Network Request

Where: 

From Remote or Local Network

Solution: 

Unpatched

Description:

Vulnerability is in dhost module. 
A malformed http get request (to /dhost/modules?L:) cause a buffer overflow,
Successful exploitation of the vulnerability may allow execution of arbitrary code.

Debugger Results of Vulnerability and PoC Exploit:

http://tcc.hellcode.net/sploitz/novelbof.txt

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv004.txt

Credit to:

Hellcode Research
karak0rsan , murderkey