Integer Overflow Vulnerability in Novell eDirectory Product
CVE-2008-4478

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 14 October 2008

What is CVE-2008-4478?

Multiple integer overflows in the dhost.exe component of Novell eDirectory versions prior to 8.8.3 and 8.7.3.10 allow remote attackers to execute arbitrary code. This vulnerability is exploited through specially crafted Content-Length headers in SOAP requests or by using specific Netware Core Protocol opcode messages, resulting in heap-based buffer overflow conditions that can compromise system integrity.

References

http://www.zerodayinitiative.com/advisories/ZDI-08-065

x_refsource_MISC

http://securityreason.com/securityalert/4406

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/45628

vdb-entryx_refsource_XF

EPSS Score

65% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2008
Vulnerability Reserved
Oct 7, 2008