CVE-2008-4478 – Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-4478
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en dhost.exe en Novell eDirectory v8.8 anterior a v8.8.3, y v8.73 anterior a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección a través de (1) una cabecera "Content-Length" manipulada en una petición SOAP o (2) mediante un mensaje Netware Core Protocol opcode 0x0F, que lanza un desbordamiento de búfer basado en montículo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4406 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID • CWE-189: Numeric Errors •
CVE-2008-1809
https://notcve.org/view.php?id=CVE-2008-1809
Heap-based buffer overflow in Novell eDirectory 8.7.3 before 8.7.3.10b, and 8.8 before 8.8.2 FTF2, allows remote attackers to execute arbitrary code via an LDAP search request containing "NULL search parameters." Desbordamiento de búfer basado en montículo en Novell eDirectory 8.7.3 anterior a 8.7.3.10b, y 8.8 anterior a 8.8.2 FTF2, permite a atacantes remotos ejecutar código de su elección mediante una solicitud de búsqueda LDAP que contenga "parámetros de búsqueda nulos". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=724 http://secunia.com/advisories/31036 http://www.novell.com/support/viewContent.do?externalId=3843876 http://www.securityfocus.com/bid/30175 http://www.securitytracker.com/id?1020470 http://www.vupen.com/english/advisories/2008/2062/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43716 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3159 – Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3159
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic." Desbordamiento de entero en ds.dlm, como el utilizado en dhost.exe de Novell eDirectory 8.7.3.10 anterior a 8.7.3 SP10b y 8.8 anterior a 8.8.2 ftf2, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que provocan un desbordamiento del búfer basado en pila. Relacionado con "aritmética defectuosa". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. • http://secunia.com/advisories/30938 http://securitytracker.com/id?1020431 http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858 http://www.securityfocus.com/bid/30085 http://www.vupen.com/english/advisories/2008/1999 http://www.zerodayinitiative.com/advisories/ZDI-08-041 https://exchange.xforce.ibmcloud.com/vulnerabilities/43589 • CWE-189: Numeric Errors •
CVE-2008-0927 – Novell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers Denial of Service
https://notcve.org/view.php?id=CVE-2008-0927
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. El archivo dhost.exe en Novell eDirectory versión 8.7.3 anterior a las versiones sp10 y 8.8.2 permite a los atacantes remotos provocar una denegación de servicio (consumo de CPU) por medio de una petición HTTP con (1) varios encabezados de conexión o (2) un encabezado de conexión con varios valores separados por comas. NOTA: esta vulnerabilidad podría ser similar a CVE-2008-1777. Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. • https://www.exploit-db.com/exploits/5547 http://secunia.com/advisories/29805 http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 http://www.securityfocus.com/archive/1/491622/100/0/threaded http://www.securityfocus.com/bid/28757 http://www.securitytracker.com/id?1019836 http://www.vupen.com/english/advisories/2008/1217/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41787 • CWE-399: Resource Management Errors •
CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada. • https://www.exploit-db.com/exploits/31533 http://secunia.com/advisories/29527 http://www.securityfocus.com/archive/1/491621/100/0/threaded http://www.securityfocus.com/bid/28441 http://www.securitytracker.com/id?1019691 http://www.vupen.com/english/advisories/2008/0988/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html • CWE-287: Improper Authentication •