Check Point Advisories

Update Protection against Novell eDirectory SOAP Handling Accept Language Header Overflow

Check Point Reference: CPAI-2008-225
Date Published: 10 Oct 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Secunia: SA32111
Industry Reference:

CVE-2008-4479

Protection Provided by:
Who is Vulnerable? eDirectory 8.8
eDirectory 8.7.3
Vulnerability Description A buffer overflow vulnerability exists in Novell eDirectory Directory Services over SOAP. Novell eDirectory is a cross-platform directory server used for identity management. Novell eDirectory utilizes various protocols to provide information services to various platforms, including HTTP-based SOAP.  The vulnerability is due to an error while handling crafted SOAP requests with malicious Accept-Language HTTP headers. Unauthenticated remote attackers could exploit this vulnerability by sending a maliciously crafted request to a vulnerable installation of Novell eDirectory. Successful exploitation would allow for code execution with the privileges of the System user.
Update/Patch AvaliableNovell has issued an update to correct this vulnerability:
TID 7000086
Vulnerability DetailsThe vulnerability lies in the web console running on 8028/TCP and 8030/TCP. Novell eDirectory uses a web console to accept SOAP connections over HTTP. The flaw is due to boundary error when parsing SOAP-HTTP requests. By supplying an overly large value to the Accept-Language header (the header which indicates the desired language of the client browser), an attacker can execute remote arbitrary code on the target system.  

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK