Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow
| Check Point Reference: | CPAI-2008-224 | |
| Date Published: | ||
| Severity: | ||
| Source: | SecurityTracker Alert ID: 1020786 | |
| Industry Reference(s): | CVE-2008-4478 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? Novell eDirectory 8.8 prior to SP3 Novell eDirectory 8.7.3 prior to SP10 FTF1 | ||
| Vulnerability Description A remote code execution vulnerability exists in Novell eDirectory. Novell eDirectory is a cross-platform directory server used for identity management. Novell eDirectory utilizes various protocols to provide information services to various platforms, including HTTP-based SOAP. Novell eDirectory fails to handle SOAP connections with specially crafted Content-Length value.Unauthenticated remote attackers could exploit this vulnerability to execute arbitrary code by sending a maliciously crafted SOAP request to a vulnerable installation of Noverll eDirectory. |
||
|
Update/Patch Available Novell has issued an update to correct this vulnerability: TID 7000087 |
|
|
Vulnerability Details The vulnerability lies in the web console running on 8028/TCP and 8030/TCP. Novell eDirectory uses a web console to accept SOAP connections. While parsing a malicious Content-Length header value within a SOAP request, several integer overflows can occur, that may lead to arbitrary code execution on a vulnerable installation of Novell eDirectory. |
Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP messages with invalid content length values, which may be indicative of an attack.
To configure the defense, select your product from the list below and follow the related protection steps.