SAINT Corporation
SAINT:25E335288AEE230B4B038B09B24C2DD7
Oct 26, 2006 - 12:00 a.m.

Novell eDirectory iMonitor HTTP redirection buffer overflow

2006-10-26 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.956 High
Percentile: 99.4%

Added: 10/26/2006
CVE: CVE-2006-5478
BID: 20655
OSVDB: 29993

Background

iMonitor is a web service which is a component of Novell eDirectory.

Problem

iMonitor allows remote command execution: a request for certain URLs carrying specially crafted HTTP header data results in a buffer overflow when an HTTP redirection response is processed.

Resolution

Apply edir881ftf_1.exe, edir881ftf_1.tgz, or edir8738ftf_http.tgz. Files are available from Novell.

References

<http://secunia.com/advisories/22519/>

Limitations

Exploit works on Novell eDirectory 8.8.

Platforms

Windows
