10

CVE-2008-4480

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellEdirectory Version >= 8.7.3 < 8.7.3.10
NovellEdirectory Version >= 8.8 < 8.8.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.6% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Patch
Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Patch
Vendor Advisory
http://secunia.com/advisories/32111
Third Party Advisory
http://www.securitytracker.com/id?1020990
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/2738
Third Party Advisory
http://securityreason.com/securityalert/4404
Third Party Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001183&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=3426981
Vendor Advisory
http://www.novell.com/support/viewContent.do?externalId=3477912
Vendor Advisory
http://www.securityfocus.com/archive/1/497169/100/0/threaded
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-066/
Third Party Advisory
VDB Entry