Vulnerability Name:

CVE-2008-4478 (CCN-45627)

Assigned:2008-10-01
Published:2008-10-01
Updated:2018-10-11
Summary:Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-4478

Source: CCN
Type: SA32111
Novell eDirectory Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
32111

Source: SREASON
Type: UNKNOWN
4406

Source: CCN
Type: SECTRACK ID: 1020989
Novell eDirectory Management Toolbox HTTP Header Processing Bugs Let Remote Users Deny Service

Source: CCN
Type: SECTRACK ID: 1020990
Novell eDirectory Heap Overflow in Processing Certain Opcodes Lets Remote Users Execute Arbitrary Code

Source: CONFIRM
Type: Patch
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

Source: CONFIRM
Type: Patch
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

Source: CONFIRM
Type: Vendor Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

Source: CCN
Type: Novell Technical Information Document ID: 7001184
Security Vulnerability - eDirectory Core Protocol Opcode 0x0F Heap Overflow

Source: CONFIRM
Type: Vendor Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953

Source: CCN
Type: Novell Security Alert Document ID: 3477912
History of Issues resolved in eDirectory 8.7.3 patches

Source: BUGTRAQ
Type: UNKNOWN
20081008 ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20081008 ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability

Source: CCN
Type: BID-31553
Novell eDirectory Multiple Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020989

Source: SECTRACK
Type: UNKNOWN
1020990

Source: VUPEN
Type: UNKNOWN
ADV-2008-2738

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-08-063

Source: MISC
Type: UNKNOWN
http://www.zerodayinitiative.com/advisories/ZDI-08-065

Source: XF
Type: UNKNOWN
novell-edirectory-dsvread-bo(45627)

Source: XF
Type: UNKNOWN
novell-edirectory-httpcontentlength-dos(45628)

Source: CCN
Type: ZDI-08-065
Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:edirectory:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.8_presp9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.9:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.9:*:linux:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.9:*:solaris:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.9:*:windows_2000:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3.9:*:windows_2003:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:*:*:*:*:*:*:*:* (Version <= 8.7.3.10)
  • OR cpe:/a:novell:edirectory:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:linux:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:solaris:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:windows_2000:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:windows_2003:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.1:*:linux:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.1:*:solaris:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.1:*:windows_2000:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.1:*:windows_2003:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.2:*:linux:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.2:*:solaris:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.2:*:windows_2000:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8.2:*:windows_2003:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-4478 (CCN-45628)

    Assigned:2008-10-01
    Published:2008-10-01
    Updated:2008-10-01
    Summary:Novell eDirectory is vulnerable to a heap-based buffer overflow, caused by an integer overflow error in the Web console. By sending a specially-crafted SOAP request containing an HTTP Content-Length header, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availability (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2008-4478

    Source: CCN
    Type: SA32111
    Novell eDirectory Multiple Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1020989
    Novell eDirectory Management Toolbox HTTP Header Processing Bugs Let Remote Users Deny Service

    Source: CCN
    Type: SECTRACK ID: 1020990
    Novell eDirectory Heap Overflow in Processing Certain Opcodes Lets Remote Users Execute Arbitrary Code

    Source: CCN
    Type: Novell Technical Information Document ID: 7000087
    Security Vulnerability: DHOST Content-Length Header Heap Overflow

    Source: CCN
    Type: Novell Security Alert Document ID: 3477912
    History of Issues resolved in eDirectory 8.7.3 patches

    Source: CCN
    Type: BID-31553
    Novell eDirectory Multiple Buffer Overflow Vulnerabilities

    Source: XF
    Type: UNKNOWN
    novell-edirectory-httpcontentlength-bo(45628)

    Source: CCN
    Type: ZDI-08-063
    Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable