10

CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellEdirectory Version < 8.7.3
NovellEdirectory Version8.7.3 Updatesp1 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp2 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp3 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp4 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp5 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp6 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp7 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp8 SwPlatformwindows
NovellEdirectory Version8.7.3 Updatesp9 SwPlatformwindows
NovellEdirectory Version8.8 Update- SwPlatformwindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.21% 0.926
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
Patch
Vendor Advisory
Broken Link
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
Patch
Broken Link
http://www.novell.com/support/viewContent.do?externalId=3426981
Broken Link
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
Broken Link
http://osvdb.org/48206
Broken Link
http://secunia.com/advisories/32395
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/31956
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1021117
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2008/2937
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138
Third Party Advisory
VDB Entry