Security Vulnerability: iMonitor Accept-Language Buffer Overflow

  • 7000538
  • 24-Feb-2009
  • 27-Jan-2014


Novell eDirectory 8.8.4 and prior for All Platforms
Novell eDirectory and prior for All Platforms


When an Accept-Language header containing an overly long string value is supplied in an HTTP request for the URL "/nds", the HTTP module in eDirectory fails to bounds-check the Accept-Language header. This results in a buffer overflow.
Unauthenticated remote attackers could exploit this vulnerability by sending a maliciously crafted request to the HTTP or HTTPS ports of Novell eDirectory. The default ports are 8030/TCP for HTTPS and 8028/TCP for HTTP on eDirectory 8.8.x, while on eDirectory 8.7.x the default ports are 8010/TCP for HTTPS and 8008/TCP for HTTP. As a result of processing the malicious packet, a buffer overflow can be triggered. Successful exploitation would allow arbitrary code injection and execution with the privileges of the System/root user. Successful exploitation can also crash eDirectory.
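The following C example is added here to illustrate the class of defect the advisory describes; it is not eDirectory code and the buffer size, header-parsing helper and request samples are constructed for illustration. It shows the unchecked copy of a header value into a fixed buffer next to the bounds-checked form that rejects an over-length value, plus a simple front-end check that flags a request for /nds whose Accept-Language value exceeds a configured limit, which is the kind of rule a reverse proxy or detection rule could apply while the patch is being rolled out.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed fixed-size buffer for the header value; the real eDirectory
 * buffer size is not stated on the page. */
#define LANG_BUF_SIZE 64

/* Locate the value of a named header in a raw HTTP request. Returns a pointer
 * to the first byte of the value and stores its length (up to CR/LF) in *len,
 * or NULL if the header is absent. Hypothetical helper, not eDirectory's. */
static const char *find_header(const char *req, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *p = req;
    while ((p = strstr(p, name)) != NULL) {
        /* header name must start a line and be followed by ':' */
        if ((p == req || p[-1] == '\n') && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            const char *e = strpbrk(v, "\r\n");
            *len = e ? (size_t)(e - v) : strlen(v);
            return v;
        }
        p += nlen;
    }
    return NULL;
}

/* Pattern of the flaw: the value is copied into a fixed buffer with no length
 * check, so a value of LANG_BUF_SIZE bytes or more overruns 'buf'.
 * Shown for contrast only; nothing below calls it. */
void copy_lang_unchecked(const char *req, char buf[LANG_BUF_SIZE])
{
    size_t len;
    const char *v = find_header(req, "Accept-Language", &len);
    if (!v) { buf[0] = '\0'; return; }
    memcpy(buf, v, len);      /* missing bounds check */
    buf[len] = '\0';
}

/* Hardened form: refuse the value when it would not fit.
 * Returns 0 on success, -1 if the header is absent, -2 if it is too long. */
int copy_lang_checked(const char *req, char *buf, size_t bufsize)
{
    size_t len;
    const char *v = find_header(req, "Accept-Language", &len);
    if (!v) { buf[0] = '\0'; return -1; }
    if (len >= bufsize) { buf[0] = '\0'; return -2; }
    memcpy(buf, v, len);
    buf[len] = '\0';
    return 0;
}

/* Front-end check: 1 if the request targets /nds and carries an
 * Accept-Language value longer than 'limit' bytes, else 0. */
int is_suspicious_nds_request(const char *req, size_t limit)
{
    size_t len;
    if (strncmp(req, "GET /nds", 8) != 0 && strncmp(req, "POST /nds", 9) != 0)
        return 0;
    const char *v = find_header(req, "Accept-Language", &len);
    return v != NULL && len > limit;
}

/* Constructed sample request with an ordinary header value. */
static const char SAMPLE_GOOD[] =
    "GET /nds HTTP/1.1\r\nHost: edir.example\r\n"
    "Accept-Language: en-US,en;q=0.8\r\n\r\n";

/* Build a constructed request whose Accept-Language value is value_len
 * bytes of 'A'. Returns 0, or -1 if the result does not fit in 'out'. */
int build_long_request(char *out, size_t outsize, size_t value_len)
{
    const char head[] = "GET /nds HTTP/1.1\r\nHost: edir.example\r\nAccept-Language: ";
    const char tail[] = "\r\n\r\n";
    if (sizeof head - 1 + value_len + sizeof tail > outsize) return -1;
    memcpy(out, head, sizeof head - 1);
    memset(out + sizeof head - 1, 'A', value_len);
    memcpy(out + sizeof head - 1 + value_len, tail, sizeof tail); /* copies NUL */
    return 0;
}

/* Run the checked copy against a constructed request with a value of the
 * given length; returns the copy_lang_checked result (or -99 on build error). */
int checked_result_for_length(size_t value_len)
{
    char req[1024];
    char lang[LANG_BUF_SIZE];
    if (build_long_request(req, sizeof req, value_len) != 0) return -99;
    return copy_lang_checked(req, lang, sizeof lang);
}

/* Same, for the front-end rule. */
int suspicious_for_length(size_t value_len, size_t limit)
{
    char req[1024];
    if (build_long_request(req, sizeof req, value_len) != 0) return -99;
    return is_suspicious_nds_request(req, limit);
}

/* 1 if the checked copy extracts the expected value from SAMPLE_GOOD. */
int sample_good_extracts_value(void)
{
    char lang[LANG_BUF_SIZE];
    return copy_lang_checked(SAMPLE_GOOD, lang, sizeof lang) == 0
        && strcmp(lang, "en-US,en;q=0.8") == 0;
}

int main(void)
{
    printf("normal value: rc=%d\n", checked_result_for_length(14));
    printf("500-byte value: rc=%d suspicious=%d\n",
           checked_result_for_length(500), suspicious_for_length(500, 128));
    return 0;
}
```

The hardened copy treats an over-length value as a request to reject rather than truncate, since silently truncating a language tag is harmless but rejecting makes the anomaly visible in logs; the front-end limit is a constructed threshold, not a value from the advisory.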


This problem is resolved by applying the following patches:

For eDirectory 8.8.X:
eDirectory 8.8.3 FTF3 or newer (non-OES)
eDirectory 8.8.4 FTF1 or newer (OES2 SP1)

For eDirectory 8.7.3.X:
eDirectory ftf2 or newer

These patches are located at

eDirectory 8.8.3 FTF3 for OES2 is available via the channel.


Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by:
"Vulnerability Research Team, Assurent Secure Technologies, a TELUS Company"