PT-2010-1464 · Novell · Novell Edirectory

Published: 2010-02-26 · Updated: 2018-10-10 · CVE-2009-4654

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell eDirectory version 8.8 SP5

Description

A stack-based buffer overflow in the dhost module allows remote authenticated users to execute arbitrary code. The overflow is triggered by a submit action sent to the "/dhost/httpstk" API endpoint with long sadminpwd and verifypwd parameters.

Recommendations

For Novell eDirectory version 8.8 SP5, as a temporary workaround, consider restricting access to the dhost module until a patch is available. Avoid using long sadminpwd and verifypwd parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related identifiers

CVE-2009-4654

Affected products

Novell Edirectory