Signature Detail

HTTP: Novell eDirectory Management Console Accept-Language Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Novell eDirectory. It is due to a boundary error when processing HTTP requests. By supplying an overly large number of values for the Accept-Language header, a remote unauthenticated attacker can leverage this vulnerability to inject and execute arbitrary code on the target host with System or root level privileges. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed with System or root privileges. In the case of an unsuccessful code execution attack, eDirectory might terminate abnormally.

References

• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln33928.html