Vulnerability Name:

CVE-2008-5038 (CCN-46138)

Assigned:2008-10-23
Published:2008-10-23
Updated:2017-08-08
Summary:Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2008-5038

Source: IDEFENSE
Type: UNKNOWN
20081030 Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability

Source: OSVDB
Type: UNKNOWN
48206

Source: CCN
Type: SA32395
Novell eDirectory NCP Unspecified Vulnerability

Source: SECUNIA
Type: Vendor Advisory
32395

Source: CCN
Type: SECTRACK ID: 1021117
Novell eDirectory NCP Request Processing Bug Lets Remote Users Execute Arbitrary Code

Source: CCN
Type: Novell Technical Information Document ID: 5037180
Novell eDirectory 20080924

Source: CONFIRM
Type: Patch, Vendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html

Source: CCN
Type: Novell Technical Information Document ID: 5037181
Novell eDirectory 20080924

Source: CONFIRM
Type: Patch
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html

Source: CONFIRM
Type: UNKNOWN
http://www.novell.com/support/viewContent.do?externalId=3426981

Source: CCN
Type: OSVDB ID: 48206
Novell eDirectory NDS on Windows Unspecified Remote Memory Corruption

Source: CCN
Type: OSVDB ID: 49375
Novell eDirectory NCP Engine Unspecified Memory Corruption

Source: BID
Type: UNKNOWN
31956

Source: CCN
Type: BID-31956
Novell eDirectory NCP Get Extension Information Request Remote Heap Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021117

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2937

Source: XF
Type: UNKNOWN
novell-edirectory-ncp-code-execution(46138)

Source: XF
Type: UNKNOWN
novell-edirectory-ncp-unspecified(46138)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 10.03.08
Novell eDirectory NCP Get Extension Information Request Memory Corruption Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:edirectory:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5.27:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp1:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp2:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp3:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp4:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp5:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp6:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp7:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp8:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:*:sp9:windows:*:*:*:*:* (Version <= 8.7.3)
  • OR cpe:/a:novell:edirectory:8.8:sp2:windows:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:novell:edirectory:8.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5.12a:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.5.27:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp1:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp2:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp3:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp4:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp5:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp6:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp7:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp8:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.7.3:sp9:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:sp2:windows:*:*:*:*:*
  • OR cpe:/a:novell:edirectory:8.8:sp1:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    novell edirectory 8.0
    novell edirectory 8.5
    novell edirectory 8.5.12a
    novell edirectory 8.5.27
    novell edirectory 8.6.2
    novell edirectory 8.7
    novell edirectory 8.7.1
    novell edirectory 8.7.1 sp1
    novell edirectory 8.7.3
    novell edirectory 8.7.3 sp1
    novell edirectory 8.7.3 sp2
    novell edirectory 8.7.3 sp3
    novell edirectory 8.7.3 sp4
    novell edirectory 8.7.3 sp5
    novell edirectory 8.7.3 sp6
    novell edirectory 8.7.3 sp7
    novell edirectory 8.7.3 sp8
    novell edirectory * sp9
    novell edirectory 8.8 sp2
    novell edirectory 8.6.2
    novell edirectory 8.7
    novell edirectory 8.7.3
    novell edirectory 8.8
    novell edirectory 8.0
    novell edirectory 8.5
    novell edirectory 8.5.12a
    novell edirectory 8.5.27
    novell edirectory 8.7.1
    novell edirectory 8.7.1 sp1
    novell edirectory 8.8 sp2
    novell edirectory 8.7.3 sp1
    novell edirectory 8.7.3 sp2
    novell edirectory 8.7.3 sp3
    novell edirectory 8.7.3 sp4
    novell edirectory 8.7.3 sp5
    novell edirectory 8.7.3 sp6
    novell edirectory 8.7.3 sp7
    novell edirectory 8.7.3 sp8
    novell edirectory 8.7.3 sp9
    novell edirectory 8.8 sp2
    novell edirectory 8.8 sp1