Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
From: "Matt Richard" <matt.richard () gmail com>
Date: Fri, 27 Oct 2006 23:35:35 -0400

On 10/27/06, zdi-disclosures () 3com com <zdi-disclosures () 3com com> wrote:
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since October 26, 2006 by Digital Vaccine protection
filter ID 4519. For further product information on the TippingPoint IPS:
<snip>
The specific flaw exists within the httpstk.dll library within the
dhost.exe web interface of the eDirectory Host Environment. The web
interface does not validate the length of the HTTP Host header prior to
using the value of that header in an HTTP redirect. This results in an
exploitable stack-based buffer overflow.

This 0day was reported on 10/20/06 here
http://www.mnin.org/advisories/2006_novell_httpstk.pdf.

Seems that your initiative has fallen a bit behind.  Your customers
had to wait for you to realize this had already been released and a
signature was added to Bleeding Snort on 10/23.

It's also a bit odd that Novell released the updates on 10/20/06, the
same day as the MNIN advisory.

Based on the time line it looks like the whole thing might have been
ripped off.....

Cheers,

Matt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]