CVE-2008-4478

Name of the Vulnerable Software and Affected Versions: Novell eDirectory versions 8.8 before 8.8.3 Novell eDirectory versions 8.7.3 before 8.7.3.10 ftf1

Description: The issue is caused by multiple integer overflows in dhost.exe, allowing remote attackers to execute arbitrary code. This can be achieved via a crafted Content-Length header in a SOAP request or a Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

Recommendations: For Novell eDirectory versions 8.8 before 8.8.3, update to version 8.8.3 or later. For Novell eDirectory versions 8.7.3 before 8.7.3.10 ftf1, update to version 8.7.3.10 ftf1 or later.