Home page logo
/

bugtraq logo Bugtraq mailing list archives

Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
From: karakorsankara () hotmail com
Date: Fri, 23 Oct 2009 19:12:12 -0600

Product: 

Novell eDirectory 8.8 SP5 for Windows

Vulnerability Type: 

Buffer Overflow

Attack Vector: 

Network Request

Where: 

From Remote or Local Network

Solution: 

Unpatched

Description:

Vulnerability is in dhost module. 
A malformed http get request (to /dhost/modules?L:) cause a buffer overflow,
Successful exploitation of the vulnerability may allow execution of arbitrary code.

Debugger Results of Vulnerability and PoC Exploit:

http://tcc.hellcode.net/sploitz/novelbof.txt

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv004.txt

Credit to:

Hellcode Research
karak0rsan , murderkey


  By Date           By Thread  

Current thread:
  • Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability karakorsankara (Oct 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]