Added: 10/30/2009
BID: 36815
Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system.
A buffer overflow vulnerability in the DHost program allows remote attackers to execute arbitrary commands by sending an HTTP request for **/dhost/modules?L:**
followed by a specially crafted module name.
Upgrade to a version higher than 8.8.2ftf2 or 8.8 SP5 when available.
<http://www.securityfocus.com/archive/1/507412>
Exploit works on Novell eDirectory 8.8 SP5. The ‘WWW::Mechanize’ and ‘IO::Socket::SSL’ PERL modules are required.
This exploit requires a valid eDirectory login and password.
Windows
Linux