Stack-based Buffer Overflow in Novell eDirectory for Windows
CVE-2009-4654

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 26 February 2010

What is CVE-2009-4654?

A stack-based buffer overflow issue exists in the dhost module of Novell eDirectory 8.8 SP5 for Windows. This vulnerability enables authenticated remote users to execute arbitrary code by exploiting overly long 'sadminpwd' and 'verifypwd' parameters during a submit action to the '/dhost/httpstk' endpoint. Properly handling these parameters is crucial to mitigate the risks associated with potential exploitation.

References

http://www.securityfocus.com/bid/37042

vdb-entryx_refsource_BID

http://tcc.hellcode.net/advisories/hellcode-adv005.txt

x_refsource_MISC

http://downloads.securityfocus.com/vulnerabilities/exploi...

x_refsource_MISC

EPSS Score

20% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 26, 2010
Vulnerability Reserved
Feb 26, 2010