PT-2010-1463 · Novell · Novell Edirectory

Published

2010-02-26

Updated

2018-10-10

CVE-2009-4653

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Novell eDirectory version 8.8 SP5

Description The issue is related to a stack-based buffer overflow in the dhost module, which can be triggered by sending a long string to the "/dhost/modules?I:" API endpoint. This can cause a denial of service, resulting in the dhost.exe process crashing, and potentially allow the execution of arbitrary code. The attack requires authentication.

Recommendations For Novell eDirectory version 8.8 SP5, consider restricting access to the dhost module until a patch is available. As a temporary workaround, avoid using long strings in the "/dhost/modules?I:" API endpoint to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-4653

Affected Products

Novell Edirectory

PT-2010-1463 · Novell · Novell Edirectory

CVE-2009-4653

Weakness Enumeration

Related Identifiers

Affected Products

References · 5