CVE-2008-3159
Novell eDirectory dhost Integer Overflow Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
Desbordamiento de entero en ds.dlm, como el utilizado en dhost.exe de Novell eDirectory 8.7.3.10 anterior a 8.7.3 SP10b y 8.8 anterior a 8.8.2 ftf2, permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados que provocan un desbordamiento del búfer basado en pila. Relacionado con "aritmética defectuosa".
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability.
The specific flaw exists within dhost.exe, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-07-10 CVE Published
- 2008-07-14 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://securitytracker.com/id?1020431 | Vdb Entry | |
http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858 | X_refsource_confirm | |
http://www.securityfocus.com/bid/30085 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/1999 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-08-041 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43589 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/30938 | 2017-08-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3 Search vendor "Novell" for product "Edirectory" and version "8.7.3" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | - |
Affected
|