Novell eDirectory iMonitor NDS buffer overflow

2006-05-30T00:00:00
ID SAINT:0529A7F203F5C575C15B8EFA4E5DE18C
Type saint
Reporter SAINT Corporation
Modified 2006-05-30T00:00:00

Description

Added: 05/30/2006
CVE: CVE-2006-2496
BID: 18026
OSVDB: 25781

Background

iMonitor is a web service which is a component of Novell eDirectory.

Problem

A buffer overflow in iMonitor allows remote attackers to execute arbitrary commands by sending a long, specially crafted URL request in the NDS directory.

Resolution

Apply the iMonitor security update.

References

<http://www.securityfocus.com/archive/1/434723>

Limitations

Exploit works on Novell eDirectory 8.8.

Platforms

Windows