Security Vulnerability: DHOST Content-Length Header Heap Overflow

  • 7000087
  • 14-Apr-2008
  • 26-Apr-2012


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms


Exploit of the Content-Length can allow an attacker to set a zero sized buffer which a copy would then result in a buffer overflow and cause eDirectory to crash.

Exploitation of this vulnerability doesn't require authentication.

Exploitation of this vulnerability can result in a denial of service or arbitrary execution of code.

Exploitation requires network access.


For eDirectory 8.8:
Apply eDirectory 8.8.3

For eDirectory 8.7.3:
Apply eDirectory ftf1

Additional Information

ZDI-08-063: eDirectory Content-Length Header Heap Overflow

This vulnerability was reported by Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.