Security Vulnerability: iMonitor Accept-Language Buffer Overflow

  • 7000538
  • 24-Feb-2009
  • 27-Jan-2014

Environment

Novell eDirectory 8.8.4 and prior for All Platforms
Novell eDirectory 8.7.3.10b and prior for All Platforms

Situation

When an Accept-Language header containing overly long string value is supplied in an HTTP request for URL "/nds", the http modules in eDirectory fails to bounds check the Accept-Language header. This will result to a buffer overflow.
 
Unauthenticated remote attackers could exploit this vulnerability by sending a maliciously crafted request to the HTTP or HTTPS ports of Novell eDirectory. The default ports are 8030/TCP for HTTPS and 8028/TCP for HTTP on eDirectory 8.8.x, while on eDirectory 8.7.x, the default ports are 8010/TCP for HTTPS and 8008/TCP for HTTP. As a result of processing the malicious packet, a buffer overflow can be triggered. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the System/root user.  Successful exploitation can also crash eDirectory.

Resolution

This problem is resolved by applying the following patches:

For eDirectory 8.8.X:
eDirectory 8.8.3 FTF3 or newer (non-OES)
eDirectory 8.8.4 FTF1 or newer (OES2 SP1)

For eDirectory 8.7.3.X:
eDirectory 8.7.3.10 ftf2 or newer

These patches are located at https://dl.netiq.com

eDirectory 8.8.3 FTF3 for OES2 is available via the channel.

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by:
"Vulnerability Research Team, Assurent Secure Technologies, a TELUS Company"


Feedback service temporarily unavailable. For content questions or problems, please contact Support.