CVE-2008-4478

EUVD-2008-4459
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
novelledirectory
𝑥
≤ 8.7.3.10
novelledirectory
8.7
novelledirectory
8.7.1
novelledirectory
8.7.1:sp1
novelledirectory
8.7.3
novelledirectory
8.7.3.8
novelledirectory
8.7.3.8_presp9:_presp9
novelledirectory
8.7.3.9
novelledirectory
8.7.3.9
novelledirectory
8.7.3.9
novelledirectory
8.7.3.9
novelledirectory
8.7.3.9
novelledirectory
8.8
novelledirectory
8.8
novelledirectory
8.8
novelledirectory
8.8
novelledirectory
8.8
novelledirectory
8.8.1
novelledirectory
8.8.1
novelledirectory
8.8.1
novelledirectory
8.8.1
novelledirectory
8.8.1
novelledirectory
8.8.2
novelledirectory
8.8.2
novelledirectory
8.8.2
novelledirectory
8.8.2
novelledirectory
8.8.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/32111
http://securityreason.com/securityalert/4406
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
http://www.securityfocus.com/archive/1/497163/100/0/threaded
http://www.securityfocus.com/archive/1/497165/100/0/threaded
http://www.securitytracker.com/id?1020989
http://www.securitytracker.com/id?1020990
http://www.vupen.com/english/advisories/2008/2738
http://www.zerodayinitiative.com/advisories/ZDI-08-063
http://www.zerodayinitiative.com/advisories/ZDI-08-065
https://exchange.xforce.ibmcloud.com/vulnerabilities/45628
http://secunia.com/advisories/32111
http://securityreason.com/securityalert/4406
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953
http://www.securityfocus.com/archive/1/497163/100/0/threaded
http://www.securityfocus.com/archive/1/497165/100/0/threaded
http://www.securitytracker.com/id?1020989
http://www.securitytracker.com/id?1020990
http://www.vupen.com/english/advisories/2008/2738
http://www.zerodayinitiative.com/advisories/ZDI-08-063
http://www.zerodayinitiative.com/advisories/ZDI-08-065
https://exchange.xforce.ibmcloud.com/vulnerabilities/45628