Lucene search

[email protected]CVE-2008-5038

HistoryNov 12, 2008 - 9:09 p.m.

CVE-2008-5038

2008-11-1221:09:03

CWE-416

[email protected]

web.nvd.nist.gov

cve-2008-5038

netware core protocol

ncp

novell edirectory

vulnerability

remote code execution

denial of service

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.23 Low

EPSS

Percentile

96.6%

JSON

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of “Get NCP Extension Information By Name” requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

Affected configurations

NVD

Node

novelledirectoryRange<8.7.3

novelledirectoryMatch8.7.3sp1windows

novelledirectoryMatch8.7.3sp2windows

novelledirectoryMatch8.7.3sp3windows

novelledirectoryMatch8.7.3sp4windows

novelledirectoryMatch8.7.3sp5windows

novelledirectoryMatch8.7.3sp6windows

novelledirectoryMatch8.7.3sp7windows

novelledirectoryMatch8.7.3sp8windows

novelledirectoryMatch8.7.3sp9windows

novelledirectoryMatch8.8-windows

CPENameOperatorVersion
novell:edirectorynovell edirectorylt8.7.3
novell:edirectorynovell edirectoryeq8.8

CPE	Name	Operator	Version
novell:edirectory	novell edirectory	lt	8.7.3
novell:edirectory	novell edirectory	eq	8.8

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=748

osvdb.org/48206

secunia.com/advisories/32395

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

www.novell.com/support/viewContent.do?externalId=3426981

www.securityfocus.com/bid/31956

www.securitytracker.com/id?1021117

www.vupen.com/english/advisories/2008/2937

exchange.xforce.ibmcloud.com/vulnerabilities/46138

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.23 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2008-5038

openvas4 cvelist1 prion1 nvd1