TUCoPS :: Networks :: bt-21877.htm

Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability
Novell eDirectory 8.8 SP5 for Windows - Buffer Overflow Vulnerability


Product: 

Novell eDirectory 8.8 SP5 for Windows

Vulnerability Type: 

Buffer Overflow

Attack Vector: 

Network Request

Where: 

>From Remote or Local Network

Solution: 

Unpatched

Description:

Vulnerability is in dhost module. 
A malformed http get request (to /dhost/modules?L:) cause a buffer overflow,
Successful exploitation of the vulnerability may allow execution of arbitrary code.

Debugger Results of Vulnerability and PoC Exploit:

http://tcc.hellcode.net/sploitz/novelbof.txt 

Original Advisory:

http://tcc.hellcode.net/advisories/hellcode-adv004.txt 

Credit to:

Hellcode Research
karak0rsan , murderkey

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH