CVE-2009-4486
Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the eDirectory plugin in Novell iManager before 2.7.3 allows remote attackers to execute arbitrary code via vectors that trigger long arguments to an unspecified sub-application, related to importing and exporting from a schema.
Desbordamiento del búfer de la pila en el plugin eDirectory en Novell iManager anterior a v2.7.3 permite a atacantes remotos ejecutar código de su elección a través de vectores que provoca argumentos largos para una sub-aplicación sin especificar, relacionado con la importación y exportación de un esquema.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability.
The flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into statically allocated stack buffer. This can result in code execution under the privileges of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-30 CVE Reserved
- 2010-01-07 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/61584 | Vdb Entry | |
| http://secunia.com/advisories/38030 | Third Party Advisory | |
| http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1 | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2010/0074 | Vdb Entry | |
| http://www.zerodayinitiative.com/advisories/ZDI-10-001 | X_refsource_misc |
|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/55468 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/37672 | 2017-08-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | <= 2.7.2 Search vendor "Novell" for product "Imanager" and version " <= 2.7.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 1.5 Search vendor "Novell" for product "Imanager" and version "1.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 2.0 Search vendor "Novell" for product "Imanager" and version "2.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 2.0.2 Search vendor "Novell" for product "Imanager" and version "2.0.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 2.5 Search vendor "Novell" for product "Imanager" and version "2.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 2.6.0 Search vendor "Novell" for product "Imanager" and version "2.6.0" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Imanager Search vendor "Novell" for product "Imanager" | 2.7.1 Search vendor "Novell" for product "Imanager" and version "2.7.1" | - |
Affected
| ||||||