SAINT CorporationSAINT:AB803373A62B07AD8CE7F928C26EEFB7Novell eDirectory NCP KeyedObjectLogin Function Vulnerability
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.938 High
EPSS
Percentile
99.1%
Added: 02/07/2013
CVE: CVE-2012-0432
BID: 57038
OSVDB: 88718
Background
Novell eDirectory is a directory server which implements the NetWare Core Protocol (NCP) to synchronize data changes between the servers in a directory service tree. NCP is used to access file, print, directory, clock synchronization, messaging, remote command execution and other network service functions. TCP/IP implementations use TCP port 524.
Problem
Novell eDirectory versions prior to 8.8.7.2 and 8.8.6.7 are vulnerable to stack based buffer overflow in the NCP implementation as a result of improper validation of user-supplied input to the **KeyedObjectLogin** function. The vulnerable process runs as root by default, so a successful remote unauthenticated attacker could execute arbitrary code on the compromised system as the root user.
Resolution
Update to Novell eDirectory version 8.8.7.2 or 8.8.6.7.
References
<http://www.novell.com/support/kb/doc.php?id=3426981>
<http://secunia.com/advisories/51667/>
Limitations
This exploit was tested against Novell eDirectory 8.8.7 on CentOS 6 with Exec-Shield Enabled.
Platforms
Linux
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.938 High
EPSS
Percentile
99.1%