Novell eDirectory iMonitor NDS buffer overflow

2006-05-30T00:00:00
ID SAINT:6770D8E6B4CE305CD7F38B1A21A66612
Type saint
Reporter SAINT Corporation
Modified 2006-05-30T00:00:00

Description

Added: 05/30/2006
CVE: CVE-2006-2496
BID: 18026
OSVDB: 25781

Background

iMonitor is a web service which is a component of Novell eDirectory.

Problem

A buffer overflow in iMonitor allows remote attackers to execute arbitrary commands by sending a long, specially crafted URL request in the NDS directory.

Resolution

Apply the iMonitor security update.

References

<http://www.securityfocus.com/archive/1/434723>

Limitations

Exploit works on Novell eDirectory 8.8.

Platforms

Windows