CVE-2008-4478 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4478
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4478

Description: Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/45628 ST 1020990 1020989 SREASON http://securityreason.com/securityalert/4406 SAID Secunia Advisory: SA32111 MISC http://www.zerodayinitiative.com/advisories/ZDI-08-065 http://www.zerodayinitiative.com/advisories/ZDI-08-063 CONFIRM http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/497165/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/497163/100/0/threaded

Return to the previous page.