Heap-Based Buffer Overflow in Novell eDirectory Product
CVE-2008-4479

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 14 October 2008

Summary

A heap-based buffer overflow vulnerability exists in the dhost.exe component of Novell eDirectory versions prior to 8.8.3 and 8.7.3.10 ftf1. This flaw potentially allows remote adversaries to execute arbitrary code by sending a specially crafted SOAP request containing an excessively long Accept-Language header. Organizations using affected versions are encouraged to apply the latest patches to mitigate the risk associated with this vulnerability.

References

http://www.novell.com/support/php/search.do?cmd=displayKC...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1020989

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2008/2738

vdb-entryx_refsource_VUPEN

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2008
Vulnerability Reserved
Oct 7, 2008