Security Vulnerability: DHOST Language Header Heap Overflow

  • 7000086
  • 14-Apr-2008
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms

Situation

The length of the "Accept-Language" value can cause a buffer overflow and overwrite the adjacent memory.

Resolution

For eDirectory 8.8:
Apply eDirectory 8.8.3

For eDirectory 8.7.3:
Apply eDirectory 8.7.3.10 ftf1

Additional Information

ZDI-08-064: eDirectory Accept Language header heap overflow

http://www.zerodayinitiative.com/advisories/ZDI-08-064.html

This vulnerability was reported by an anonymous source through Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.

CVE-2008-4479