CVE-2008-0924Improper Restriction of Operations within the Bounds of a Memory Buffer in Edirectory

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
3.9%
top 11.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Novell Edirectory
Timeline
PublishedMar 28
Latest updateMay 1

Description

Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDnovell/edirectory8.78.7.3.9+1

Patches

Patch: secure-support.novell.comPatch: secure-support.novell.com

🔴Vulnerability Details

2
GHSA
GHSA-pgm5-2qgh-cvjr: Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 82022-05-01
CVEList
CVE-2008-0924: Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 82008-03-28

💬Community

3
Bugzilla
CVE-2008-3829 condor: denial of service attack on Schedd via corrupt logfile2008-09-25
Bugzilla
CVE-2008-3826 condor: users can run jobs with arbitrary owners2008-09-25
Bugzilla
CVE-2008-3830 condor: allow or deny with overlapping netmasks may be ignored2008-09-25
CVE-2008-0924 — Novell Edirectory vulnerability | cvebase