Intrusion Prevention

Novell.eDirectory.HttpStk.dlm.Stack.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in Novell eDirectory.
The vulnerability is caused by an error that occurs when the vulnerable software handles client-supplied HTTP Host request-header. It allows a remote attacker to execute arbitrary code via a crafted request.
Attacker-supplied code can be executed on vulnerable systems with a privilege level equal to the process that loads the httpstk library (the Novell Directory Services process). By default, this is NT_AUTHORITY\SYSTEM on Windows and root on Linux and Solaris.

Affected Products

Novell eDirectory >=8.7.3.8 on windows and linux.

Impact

System compromise

Recommended Actions

FTF packages and additional information will be available on Novell's website by searching for one or more of the following TIDs: 2974592, 2974600, 2974603.

CVE References

CVE-2006-5478