BugTraq
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability Oct 24 2009 01:12AM
karakorsankara hotmail com
Product:

Novell eDirectory 8.8 SP5 for Windows

Vulnerability Type:

Buffer Overflow

Attack Vector:

Network Request

Where:

From Remote or Local Network

Solution:

Unpatched

Description:

Vulnerability is in dhost module.
A malformed http get request (to /dhost/modules?L:) cause a buffer overflow,
Successful exploitation of the vulnerability may allow execution of arbitrary code.

Debugger Results of Vulnerability and PoC Exploit:

http://tcc.hellcode.net/sploitz/novelbof.txt

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv004.txt

Credit to:

Hellcode Research
karak0rsan , murderkey

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus