Novell eDirectory NCP KeyedObjectLogin Function Vulnerability
Added: 02/07/2013CVE: CVE-2012-0432
BID: 57038
OSVDB: 88718
Background
Novell eDirectory is a directory server which implements the NetWare Core Protocol (NCP) to synchronize data changes between the servers in a directory service tree. NCP is used to access file, print, directory, clock synchronization, messaging, remote command execution and other network service functions. TCP/IP implementations use TCP port 524.Problem
Novell eDirectory versions prior to 8.8.7.2 and 8.8.6.7 are vulnerable to stack based buffer overflow in the NCP implementation as a result of improper validation of user-supplied input to the KeyedObjectLogin function. The vulnerable process runs as root by default, so a successful remote unauthenticated attacker could execute arbitrary code on the compromised system as the root user.Resolution
Update to Novell eDirectory version 8.8.7.2 or 8.8.6.7.References
http://www.novell.com/support/kb/doc.php?id=3426981http://secunia.com/advisories/51667/
Limitations
This exploit was tested against Novell eDirectory 8.8.7 on CentOS 6 with Exec-Shield Enabled.Platforms
LinuxBack to exploit index