Vulnerability Name: CVE-2009-4654 (CCN-54308)

Assigned: 2009-11-16
Published: 2009-11-16
Updated: 2018-10-10
Summary: Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
8.2 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
8.2 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2009-4654

Source: MISC
Type: Exploit
http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl

Source: CCN
Type: SECTRACK ID: 1023188
Novell eDirectory Buffer Overflow in HTTPSTK Login Page Lets Remote Authenticated Users Execute Arbitrary Code

Source: CCN
Type: Hellcode Web site
eDirectory for Windows Stack Overflow

Source: MISC
Type: Exploit
http://tcc.hellcode.net/advisories/hellcode-adv005.txt

Source: MISC
Type: Exploit
http://tcc.hellcode.net/sploitz/httpstk.txt

Source: CCN
Type: Novell Web site
Novell eDirectory

Source: CCN
Type: OSVDB ID: 62662
Novell eDirectory dhost Module dhost/httpstk Multiple Parameter Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20091117 Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability

Source: BID
Type: Exploit
37042

Source: CCN
Type: BID-37042
Novell eDirectory '/dhost/httpstk' Multiple Stack Buffer Overflow Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1023188

Source: XF
Type: UNKNOWN
edirectory-httpstk-bo(54308)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-06-2010]

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:novell:edirectory:8.8:sp5:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:novell:edirectory:8.8:sp5:*:*:*:*:*:*

* Denotes that component is vulnerable