Heap-Based Buffer Overflow Vulnerability in Novell eDirectory
CVE-2008-4480
Currently unrated
Summary
A heap-based buffer overflow vulnerability exists in the dhost.exe component of Novell eDirectory versions prior to 8.8.3, and 8.7.3 before 8.7.3.10 ftf1. A remote attacker can exploit it by sending a specially crafted NetWare Core Protocol message (opcode 0x24), which triggers a calculation error that causes a heap buffer to be under-allocated. Successful exploitation could allow the attacker to execute arbitrary code on the affected system.
EPSS Score
26% chance of being exploited in the next 30 days.