Stack-based Buffer Overflow in Novell eDirectory for Windows
CVE-2009-4654

Currently unrated

Key Information:

Vendor

Novell
Status
Edirectory
Vendor
CVE Published:
26 February 2010

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 15%

What is CVE-2009-4654?

A stack-based buffer overflow issue exists in the dhost module of Novell eDirectory 8.8 SP5 for Windows. This vulnerability enables authenticated remote users to execute arbitrary code by exploiting overly long 'sadminpwd' and 'verifypwd' parameters during a submit action to the '/dhost/httpstk' endpoint. Properly handling these parameters is crucial to mitigate the risks associated with potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-4654 - Proof of Concept

References

http://www.securityfocus.com/bid/37042
vdb-entryx_refsource_BID
http://tcc.hellcode.net/advisories/hellcode-adv005.txt
x_refsource_MISC
http://downloads.securityfocus.com/vulnerabilities/exploi...
x_refsource_MISC

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.