CVE-2009-4653

Name of the Vulnerable Software and Affected Versions Novell eDirectory version 8.8 SP5

Description The issue is related to a stack-based buffer overflow in the dhost module, which can be triggered by sending a long string to the "/dhost/modules?I:" API endpoint. This can cause a denial of service, resulting in the dhost.exe process crashing, and potentially allow the execution of arbitrary code. The attack requires authentication.

Recommendations For Novell eDirectory version 8.8 SP5, consider restricting access to the dhost module until a patch is available. As a temporary workaround, avoid using long strings in the "/dhost/modules?I:" API endpoint to minimize the risk of exploitation.