CVE-2008-4479

2008-10-1422:36:58

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4479

novell edirectory

buffer overflow

security vulnerability

remote code execution

soap request

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.896 High

EPSS

Percentile

98.8%

JSON

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

Affected configurations

NVD

Node

novelledirectoryRange8.7.3–8.7.3.10

novelledirectoryRange8.8–8.8.3

CPENameOperatorVersion
novell:edirectorynovell edirectorylt8.7.3.10
novell:edirectorynovell edirectorylt8.8.3

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	lt	8.7.3.10
novell:edirectory	novell edirectory	lt	8.8.3

References

secunia.com/advisories/32111

securityreason.com/securityalert/4405

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000086&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

www.securityfocus.com/archive/1/497164/100/0/threaded

www.securitytracker.com/id?1020989

www.vupen.com/english/advisories/2008/2738

www.zerodayinitiative.com/advisories/ZDI-08-064