Back to list
Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
Oct 28 2006 03:35AM
Matt Richard (matt richard gmail com)
On 10/27/06, zdi-disclosures (at) 3com (dot) com [email concealed] <zdi-disclosures (at) 3com (dot) com [email concealed]> wrote:
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability since October 26, 2006 by Digital Vaccine protection
> filter ID 4519. For further product information on the TippingPoint IPS:
> The specific flaw exists within the httpstk.dll library within the
> dhost.exe web interface of the eDirectory Host Environment. The web
> interface does not validate the length of the HTTP Host header prior to
> using the value of that header in an HTTP redirect. This results in an
> exploitable stack-based buffer overflow.
This 0day was reported on 10/20/06 here
Seems that your initiative has fallen a bit behind. Your customers
had to wait for you to realize this had already been released and a
signature was added to Bleeding Snort on 10/23.
It's also a bit odd that Novell released the updates on 10/20/06, the
same day as the MNIN advisory.
Based on the time line it looks like the whole thing might have been
[ reply ]
Copyright 2010, SecurityFocus