CVE-2008-4480

2008-10-1422:36:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4480

buffer overflow

novell edirectory

security vulnerability

remote code execution

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.302 Low

EPSS

Percentile

96.9%

JSON

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.

CPENameOperatorVersion
novell:edirectorynovell edirectorylt8.7.3.10
novell:edirectorynovell edirectorylt8.8.3

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	lt	8.7.3.10
novell:edirectory	novell edirectory	lt	8.8.3

References

secunia.com/advisories/32111

securityreason.com/securityalert/4404

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

www.novell.com/support/viewContent.do?externalId=3426981

www.novell.com/support/viewContent.do?externalId=3477912

www.securityfocus.com/archive/1/497169/100/0/threaded

www.securitytracker.com/id?1020990

www.vupen.com/english/advisories/2008/2738

www.zerodayinitiative.com/advisories/ZDI-08-066/