Novell eDirectory iMonitor HTTP redirection buffer overflow

Added: 10/26/2006
CVE: CVE-2006-5478
BID: 20655
OSVDB: 29993

Background

iMonitor is a web service which is a component of Novell eDirectory.

Problem

iMonitor allows remote command execution by sending specially crafted HTTP header data in a request for certain URLs, which results in a buffer overflow when an HTTP redirection response is processed.

Resolution

Apply edir881ftf_1.exe, edir881ftf_1.tgz, or edir8738ftf_http.tgz. Files are available from Novell.

References

http://secunia.com/advisories/22519/

Limitations

Exploit works on Novell eDirectory 8.8.

Platforms

Windows

Back to exploit index