SAINT Corporation, SAINT:66B339E015EB956911A89B95C7D4611E
Oct 30, 2009 - 12:00 a.m.

Novell eDirectory DHost module load buffer overflow


Added: 10/30/2009
BID: 36815

Background

Novell eDirectory is a directory server which implements the LDAP protocol. eDirectory for Windows, Linux, and UNIX includes the DHost program, which runs under eDirectory and provides the functionality of the NetWare operating system.

Problem

A buffer overflow vulnerability in the DHost program allows remote attackers to execute arbitrary commands by sending an HTTP request for **/dhost/modules?L:** followed by a specially crafted module name.
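A detection check for the request described above, as an added example that is not part of the SAINT advisory: it scans HTTP access-log lines for `/dhost/modules?L:` requests whose module name is unusually long or contains non-printable bytes. The log format, the sample lines and the 64-byte limit are assumptions; the advisory does not state the length that triggers the overflow.

```python
import re
from urllib.parse import unquote_to_bytes

# Assumption: legitimate module names are short file names; tune for your site.
MAX_MODULE_NAME = 64
# The request target named in the advisory, matched case-insensitively.
TARGET = re.compile(r'^/dhost/modules\?L:(?P<name>.*)$', re.IGNORECASE)
# Assumption: log lines carry a quoted request line "METHOD target HTTP/x.y".
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def check_target(target):
    """Return the reasons a request target looks like an overflow attempt."""
    m = TARGET.match(target)
    if not m:
        return []
    # Decode %xx escapes first so the real byte length is measured.
    name = unquote_to_bytes(m.group("name"))
    reasons = []
    if len(name) > MAX_MODULE_NAME:
        reasons.append(f"module name is {len(name)} bytes (limit {MAX_MODULE_NAME})")
    if any(b < 0x20 or b > 0x7E for b in name):
        reasons.append("module name contains non-printable bytes")
    return reasons

def scan(lines):
    """Yield (line_number, source, reasons) for each suspicious log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        reasons = check_target(m.group("target"))
        if reasons:
            yield n, line.split(" ", 1)[0], reasons

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '192.0.2.10 - admin [30/Oct/2009:10:00:01 +0000] "GET /dhost/modules?L:example_module HTTP/1.1" 200 512',
    '192.0.2.77 - admin [30/Oct/2009:10:02:13 +0000] "GET /dhost/modules?L:' + "A" * 300 + ' HTTP/1.1" 500 0',
    '192.0.2.77 - admin [30/Oct/2009:10:02:20 +0000] "GET /dhost/modules?L:%01%02ab HTTP/1.1" 500 0',
    '192.0.2.10 - admin [30/Oct/2009:10:03:00 +0000] "GET /dhost/ HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, src, reasons in scan(SAMPLE):
        print(f"line {n} from {src}: " + "; ".join(reasons))
```

Because the exploit requires a valid eDirectory login, a hit from this check is also a reason to review the account that made the request.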

Resolution

Upgrade to a version higher than 8.8.2ftf2 or 8.8 SP5 when available.

References

<http://www.securityfocus.com/archive/1/507412>

Limitations

The exploit works on Novell eDirectory 8.8 SP5. The ‘WWW::Mechanize’ and ‘IO::Socket::SSL’ Perl modules are required.

This exploit requires a valid eDirectory login and password.

Platforms

Windows
Linux