CVE-2008-4478
Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
Múltiples desbordamientos de entero en dhost.exe en Novell eDirectory v8.8 anterior a v8.8.3, y v8.73 anterior a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección a través de (1) una cabecera "Content-Length" manipulada en una petición SOAP o (2) mediante un mensaje Netware Core Protocol opcode 0x0F, que lanza un desbordamiento de búfer basado en montículo.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. This fault can be leveraged to result in arbitrary code execution.
*Credits:
Sebastian Apelt (webmaster@buzzworld.org)
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-10-07 CVE Reserved
- 2008-10-08 CVE Published
- 2023-04-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-189: Numeric Errors
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/32111 | Third Party Advisory | |
| http://securityreason.com/securityalert/4406 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/497163/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/497165/100/0/threaded | Mailing List | |
| http://www.securitytracker.com/id?1020989 | Vdb Entry | |
| http://www.securitytracker.com/id?1020990 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2008/2738 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-063 | X_refsource_misc |
|
| http://www.zerodayinitiative.com/advisories/ZDI-08-065 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45628 | Vdb Entry |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | <= 8.7.3.10 Search vendor "Novell" for product "Edirectory" and version " <= 8.7.3.10" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7 Search vendor "Novell" for product "Edirectory" and version "8.7" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.1 Search vendor "Novell" for product "Edirectory" and version "8.7.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.1 Search vendor "Novell" for product "Edirectory" and version "8.7.1" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3 Search vendor "Novell" for product "Edirectory" and version "8.7.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.8 Search vendor "Novell" for product "Edirectory" and version "8.7.3.8" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.8_presp9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.8_presp9" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | linux |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | solaris |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | windows_2000 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | windows_2003 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | linux |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | solaris |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | windows_2000 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | windows_2003 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.1 Search vendor "Novell" for product "Edirectory" and version "8.8.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.1 Search vendor "Novell" for product "Edirectory" and version "8.8.1" | linux |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.1 Search vendor "Novell" for product "Edirectory" and version "8.8.1" | solaris |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.1 Search vendor "Novell" for product "Edirectory" and version "8.8.1" | windows_2000 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.1 Search vendor "Novell" for product "Edirectory" and version "8.8.1" | windows_2003 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.2 Search vendor "Novell" for product "Edirectory" and version "8.8.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.2 Search vendor "Novell" for product "Edirectory" and version "8.8.2" | linux |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.2 Search vendor "Novell" for product "Edirectory" and version "8.8.2" | solaris |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.2 Search vendor "Novell" for product "Edirectory" and version "8.8.2" | windows_2000 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8.2 Search vendor "Novell" for product "Edirectory" and version "8.8.2" | windows_2003 |
Affected
| ||||||