Lucene search

[email protected]CVE-2008-0924

HistoryMar 28, 2008 - 6:44 p.m.

CVE-2008-0924

2008-03-2818:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-0924

buffer overflow

remote attackers

denial of service

arbitrary code

libnldap

ndsd

novell edirectory

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.076 Low

EPSS

Percentile

94.2%

JSON

Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.

Affected configurations

NVD

Node

novelledirectoryRange8.7–8.7.3.9

novelledirectoryRange8.8–8.8.1

CPENameOperatorVersion
novell:edirectorynovell edirectoryle8.7.3.9
novell:edirectorynovell edirectoryle8.8.1

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	le	8.7.3.9
novell:edirectory	novell edirectory	le	8.8.1

References

secunia.com/advisories/29476

www.securityfocus.com/archive/1/490117/100/0/threaded

www.securityfocus.com/bid/28434

www.securitytracker.com/id?1019692

www.vupen.com/english/advisories/2008/0987/references

www.zerodayinitiative.com/advisories/ZDI-08-013/

secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

High

0.076 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2008-0924

prion1 nvd1 cvelist1 securityvulns2 seebug1 zdi1