mailing list archives
Assurent VR - Novell eDirectory Management Console Accept-Language Buffer Overflow
From: VR-Subscription-noreply () assurent com
Date: Fri, 27 Feb 2009 11:58:10 -0500 (EST)
Novell eDirectory Management Console Accept-Language Buffer Overflow
Assurent ID: FSC20090226-11
1. Affected Software
Novell eDirectory 8.8.3 prior to patch 8.8.3 FTF3
Novell eDirectory 8.8.4 prior to patch 8.8.4 FTF1
Novell eDirectory 8.7.3 prior to patch 126.96.36.199b Hotfix 1
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in the iMonitor component of Novell eDirectory. Specifically,
the vulnerability is due to a boundary error when processing incoming HTTP requests and can lead to a buffer overflow
condition. This boundary error can allow attackers to inject and execute arbitrary code on the target host with System
or root privileges.
3. Vulnerability Analysis
A remote unauthenticated attacker can exploit the vulnerability by sending a malicious HTTP request to the target
system. A successful attack will result in a arbitrary code executed on the target host with System or root privileges.
An unsuccessful attack can create a Denial of Service (DoS) condition for Novell eDirectory server.
4. Vulnerability Detection
Assurent has confirmed the vulnerability in:
Novell eDirectory 8.8 SP3 FTF2
Novell eDirectory 8.7.3
Apply the vendor patch, or limit access to the affected communication port for trusted hosts and networks only.
A patch for Novell eDirectory 8.8 SP3 is available at: http://download.novell.com/Download?buildid=Cf15mVyA3GI~
A patch for eDirectory 8.7.3 and 8.8.4 are expected to be released next week.
6. Vendor Response
Novell has released a bulletin addressing this vulnerability.
Reference: TID 7000538
7. Disclosure Timeline
2008-11-12 Reported to vendor
2008-11-13 Initial vendor response
2009-02-27 Public disclosure
Vulnerability Research Team, Assurent Secure Technologies, a TELUS company
Vendor: Novell - (Bug 446342)
10. About Assurent VRS
Assurent's Vulnerability Research Service (VRS) for security product vendors, and Threat Protection Programs (TPP) for
MSPs and enterprise security teams, help to eliminate the significant costs incurred by security product vendors, MSPs,
and enterprise security teams in responding to and managing critical new security vulnerabilities and other threats
including worm & virus outbreaks and other malware. The VRS and TPP services are real-time feeds providing subscribers
with detailed analysis of the top security vulnerabilities, focused on the specific needs of each group of customers.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Assurent VR - Novell eDirectory Management Console Accept-Language Buffer Overflow VR-Subscription-noreply (Mar 02)