vendor:
eDirectory
by:
Matteo Memelli
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: eDirectory
Affected Version From: 8.8 SP5
Affected Version To: 8.8 SP5
Patch Exists: YES
Related CWE: N/A
CPE: a:novell:edirectory
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009
Novell eDirectory 8.8 SP5 iConsole BOF
This exploit is for Novell eDirectory 8.8 SP5 iConsole. It was found by Hellcode Labs and the original POC was provided by SecurityFocus. It was coded by Matteo Memelli of Offensive Security. It is a buffer overflow exploit which uses Msf::Encoder::PexAlphaNum with a final size of 709 bytes. It uses a GET request to send the malicious payload to the vulnerable server.
Mitigation:
Upgrade to the latest version of Novell eDirectory 8.8 SP5 iConsole.