Update Protection against Novell eDirectory dhost HTTPSTK Buffer Overflow Vulnerability
| Check Point Reference: | CPAI-2009-301 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Bugtraq ID: 37042 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Novell eDirectory 8.8 SP5 | ||
| Vulnerability Description A code execution vulnerability exists in Novell eDirectory. Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server, intended for use as part of an identity management solution. The vulnerability is due to an error in dhost when handling HTTP requests. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable system. Successful exploitation would allow for execution of arbitrary code. |
||
|
Update/Patch Available The vendor has not released an advisory addressing this vulnerability. Discoverer advisory: http://tcc.hellcode.net/advisories/hellcode-adv005.txt |
|
|
Vulnerability Details The vulnerability is due to lack of boundary validation when handling HTTP requests to the HTTPSTK form, especially the sadminpwd and verifypwd parameters. |
Protection Overview
This protection will detect and block HTTP post requests to the eDirectory dhost application with malformed "sadminpwd" parameters.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.