Lucene search

[email protected]CVE-2008-4480

HistoryOct 14, 2008 - 10:36 p.m.

CVE-2008-4480

2008-10-1422:36:58

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4480

buffer overflow

novell edirectory

security vulnerability

remote code execution

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.302 Low

EPSS

Percentile

97.0%

JSON

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.

Affected configurations

NVD

Node

novelledirectoryRange8.7.3–8.7.3.10

novelledirectoryRange8.8–8.8.3

CPENameOperatorVersion
novell:edirectorynovell edirectorylt8.7.3.10
novell:edirectorynovell edirectorylt8.8.3

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	lt	8.7.3.10
novell:edirectory	novell edirectory	lt	8.8.3

References

secunia.com/advisories/32111

securityreason.com/securityalert/4404

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

www.novell.com/support/viewContent.do?externalId=3426981

www.novell.com/support/viewContent.do?externalId=3477912

www.securityfocus.com/archive/1/497169/100/0/threaded

www.securitytracker.com/id?1020990

www.vupen.com/english/advisories/2008/2738

www.zerodayinitiative.com/advisories/ZDI-08-066/