CVE-2008-5038

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
novelledirectory
𝑥
< 8.7.3
novelledirectory
8.7.3:sp1
novelledirectory
8.7.3:sp2
novelledirectory
8.7.3:sp3
novelledirectory
8.7.3:sp4
novelledirectory
8.7.3:sp5
novelledirectory
8.7.3:sp6
novelledirectory
8.7.3:sp7
novelledirectory
8.7.3:sp8
novelledirectory
8.7.3:sp9
novelledirectory
8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
http://osvdb.org/48206
http://secunia.com/advisories/32395
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.securityfocus.com/bid/31956
http://www.securitytracker.com/id?1021117
http://www.vupen.com/english/advisories/2008/2937
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748
http://osvdb.org/48206
http://secunia.com/advisories/32395
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.securityfocus.com/bid/31956
http://www.securitytracker.com/id?1021117
http://www.vupen.com/english/advisories/2008/2937
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138