Family: CGI abuses --> Category: infos
Novell eDirectory Host Request Header Overflow Vulnerability Scan
Vulnerability Scan Summary :
Send a special Host request header to eDirectory
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by a buffer overflow vulnerability.
Description :
The installed version of Novell eDirectory on the remote host
reportedly contains a buffer overflow that can be triggered with a
specially-crafted Host request header. An anonymous remote attacker
may be able to leverage this flaw to execute code on the affected
host, generally with super-user rights.
See also :
http://www.mnin.org/advisories/2006_novell_httpstk.pdf
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0434.html
http://support.novell.com/filefinder/security/index.html
Solution :
Apply the eDirectory Post 8.7.3.8 FTF1 / 8.8.1 FTF1 patch as
appropriate.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)