Security Vulnerability: Remote code Execution in iMonitor

  • 3723994
  • 13-Mar-2007
  • 27-Jan-2014

Environment


Novell eDirectory 8.7.3.8 for and prior Linux
Novell eDirectory 8.7.3.8 for and prior Solaris
Novell eDirectory 8.7.3.8 for and prior Windows 2000
Novell eDirectory 8.7.3.8 and prior for Windows 2003
Novell eDirectory 8.8.1 and prior for Linux
Novell eDirectory 8.8.1 and prior for Solaris
Novell eDirectory 8.8.1 and prior for Windows 2003
Novell eDirectory 8.8.1 and prior for Windows 2000

Situation

Existing version of iMonitor shipped with eDir 8.7.3.8 (and prior) and eDir 8.8.1 (and prior) can be vulnerable to attack when a buffer is overflowed.

The vulnerability could allow remote execution of code on the server running iMonitor.

Resolution

This problem is resolved by applying eDir 8.8.1 ftf or newer for eDirectory 8.8.X

This problem is resolved by applying eDirectory 8.7.3 sp9 or newer version for eDirectory 8.7.3.X.

Patches are available at https://dl.netiq.com

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by:
Ryan Smith from http://www.hustlelabs.com and Michael Ligh from http://www.mnin.org.

http://www.mnin.org/advisories/2006_novell_httpstk.pdf


Manuel Santamarina Suarez through TippingPoint and the Zero Day Initiative.

http://www.zerodayinitiative.com/advisories/ZDI-CAN-081.html

ZDI-CAN-081: Novell eDirectory Server Host Header Buffer Overflow Vulnerability