PT-2008-5713 · Novell · Netware Core Protocol+2
Sebastian Apelt
·
Publicado
2008-10-14
·
Atualizado
2018-11-02
·
CVE-2008-4480
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Novell eDirectory versions prior to 8.8.3
Novell eDirectory version 8.7.3 before 8.7.3.10 ftf1
Description:
The issue is related to a heap-based buffer overflow in dhost.exe. It allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message. This message triggers a calculation error that under-allocates a heap buffer.
Recommendations:
For Novell eDirectory versions prior to 8.8.3, update to version 8.8.3 or later.
For Novell eDirectory version 8.7.3, apply the fix before 8.7.3.10 ftf1.
Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netware Core Protocol
Novell Edirectory
Dhost.Exe