Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2006-4510 to a friend New vulnerability? New tool? Tell us	CVE-2006-4510 Novell eDirectory Multiple Vulnerabilities     Credit: The information has been provided by iDefense. The original article(s) can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=427 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428 Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2006-4510 Details Check for CVE-2006-4510 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Novell eDirectory server version 8.8.1.  * Novell eDirectory server version 8.8  * Earlier versions are suspected to be vulnerable as well. NCP over IP length Heap Overflow: This vulnerability specifically exists within the NCP functionality of eDirectory. A specially crafted packet will cause eDirectory to read a user specified amount of user supplied data into a static sized heap buffer. The NCP engine does not verify that the supplied data will fit inside the allocated heap buffer bounds. As such, a heap buffer overflow occurs. CVE Information: CVE-2006-4177 evtFilteredMonitorEventsRequest Heap Overflow: This problem stems from an integer overflow that occurs when allocating memory for attacker supplied data. The evtFilteredMonitorEventsRequest function takes user input and multiplies it by 16, then adds 16 without first validating that an integer overflow will not occur. If allocation succeeds, the function will proceed to loop, filling the memory with partially controllable input. Since the loop is bounded directly by the attacker supplied length value, heap overflow will occur. CVE Information: CVE-2006-4509 evtFilteredMonitorEventsRequest Invalid Free Vulnerability: The evtFilteredMonitorEventsRequest function takes an array of objects that contain an allocated string and two integer values. When an attacker supplies less objects than is specified by the number of objects to be sent, an invalid free condition arises. Due to the cleanup loop being bound by the number supplied within the request rather than the number actually processed, the free() function will be called on values on the heap which are outside of the bounds of the allocated array. CVE Information: CVE-2006-4510 Successful exploitation of those vulnerabilities could allow an attacker to crash the server or execute arbitrary code. No credentials are required. Typically this daemon runs with administrator privileges. Vendor Status: Novell has addressed this vulnerability with eDirectory 8.8.1 FTF1. You can obtain the Linux/Unix version of this update from their site at: http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.tgz/ The windows version of this update is available at: http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.exe/ Disclosure Timeline:  * 08/16/2006 - Initial vendor notification  * 08/17/2006 - Initial vendor response  * 10/06/2006 - Second vendor notification  * 10/20/2006 - Vendor update released  * 10/21/2006 - Public disclosure  Comments on CVE-2006-4510:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2017 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®