Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Novell eDirectory
Опубликовано:9 октября 2008 г.
Источник:
SecurityVulns ID:9347
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные переполнения буфера при разборе трафика TCP/8028 и TCP/8028.
CVE:CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.)
 CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.)
 CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.)
Оригинальный текстdocumentZDI, ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow Vulnerability (09.10.2008)
 documentZDI, ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability (09.10.2008)
 documentZDI, ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap Overflow Vulnerability (09.10.2008)
 documentZDI, ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability (09.10.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород