Vulnerability in N/a
CVE-2008-4478
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Pr…
EPSS: 0.608 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- www.zerodayinitiative.com/advisories/ZDI-08-065 (x_refsource_MISC)
- 4406 (x_refsource_SREASON, third-party-advisory)
- novell-edirectory-httpcontentlength-dos(45628) (vdb-entry, x_refsource_XF)
- 1020989 (vdb-entry, x_refsource_SECTRACK)
- ADV-2008-2738 (vdb-entry, x_refsource_VUPEN)
- support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html (x_refsource_CONFIRM)
- 32111 (x_refsource_SECUNIA, third-party-advisory)
- www.zerodayinitiative.com/advisories/ZDI-08-063 (x_refsource_MISC)
- 20081008 ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
- 20081008 ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)