CVE-2008-4478

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 14 October 2008

Summary

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-065

x_refsource_MISC

http://securityreason.com/securityalert/4406

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/45628

vdb-entryx_refsource_XF

EPSS Score

67% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2008
Vulnerability Reserved
Oct 7, 2008

Collectors

NVD DatabaseMitre Database