Short Name |
APP:NOVELL:EDIR-CONTENT-LEN-OF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow |
Release Date |
2011/08/03 |
Update Number |
1966 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known heap buffer overflow vulnerability in Novell eDirectory. It is in the SOAP-HTTP protocol stack due to improper processing of the Content-Length header value. Remote attackers could exploit this vulnerability by sending SOAP-HTTP requests with specially crafted Content-Length value. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the server process. In a sophisticated attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected service. In an attack case where code injection is not successful, the affected service may terminate abnormally.
Novell eDirectory is prone to multiple buffer-overflow vulnerabilities. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application or to cause denial-of-service conditions. These issues affect eDirectory 8.7.3 SP10 prior to 8.7.3 SP10 FTF1.