Signature Detail

APP: Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow

This signature detects attempts to exploit a known heap buffer overflow vulnerability in Novell eDirectory. It is in the SOAP-HTTP protocol stack due to improper processing of the Content-Length header value. Remote attackers could exploit this vulnerability by sending SOAP-HTTP requests with specially crafted Content-Length value. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. In an attack case where code injection is not successful, the affected service may terminate abnormally.

Extended Description

Novell eDirectory is prone to multiple buffer-overflow vulnerabilities. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application or to cause denial-of-service conditions. These issues affect eDirectory 8.7.3 SP10 prior to 8.7.3 SP10 FTF1.

Affected Products

• Novell eDirectory 8.7.3.10
• Novell eDirectory 8.7.3 SP10b

References

• BugTraq: 31553
• CVE: CVE-2008-4478