Novell eDirectory < 8.8 SP3 FTF3 iMonitor HTTP Accept-Language Header Overflow

critical Nessus Plugin ID 35760

Synopsis

The remote web server is affected by a buffer overflow vulnerability.

Description

The remote host is running eDirectory, a directory service software from Novell. The iMonitor component included with the installed version is affected by a buffer overflow vulnerability. By sending a specially crafted HTTP request to the iMonitor component with a malformed 'Accept-Language' header, it may be possible for a remote attacker to execute arbitrary code on the remote system.

Solution

Upgrade to eDirectory 8.8 SP3 with FTF3 or later.

See Also

http://www.nessus.org/u?714d89e9

http://www.nessus.org/u?671a8b0f

http://www.nessus.org/u?d17f8b20

Plugin Details

Severity: Critical

ID: 35760

File Name: edirectory_88SP3_FTF3.nasl

Version: 1.14

Type: remote

Family: Web Servers

Published: 3/3/2009

Updated: 8/8/2018

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

BID: 33928

Secunia: 34086