Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability

From: karakorsankara@hotmail.com
To: bugtraq@securityfocus.com
Cc:
Subject: Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
Date:


Product: 

Novell eDirectory 8.8 SP5 for Windows

Vulnerability Type: 

Buffer Overflow

Attack Vector: 

Network Request

Where: 

From Remote or Local Network

Solution: 

Unpatched

Description:

Vulnerability is in dhost module. 
A malformed http get request (to /dhost/modules?L:) cause a buffer overflow,
Successful exploitation of the vulnerability may allow execution of arbitrary code.

Debugger Results of Vulnerability and PoC Exploit:

http://tcc.hellcode.net/sploitz/novelbof.txt

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv004.txt

Credit to:

Hellcode Research
karak0rsan , murderkey





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.