CVE-2009-0192

Name of the Vulnerable Software and Affected Versions Novell eDirectory versions 8.8 SP3 through 8.8 SP3 FTF3

Description The issue is caused by an off-by-one error in the iMonitor component, which allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header. This triggers a stack-based buffer overflow.

Recommendations For Novell eDirectory versions 8.8 SP3 through 8.8 SP3 FTF3, consider restricting access to the iMonitor component until a fix is available. Avoid using crafted Accept-Language headers in HTTP requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.