CVE-2008-4479 — HIGH (10.0)

Q: How severe is CVE-2008-4479?

CVE-2008-4479 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-4479?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.

Vulnerability Description

Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Novell	Edirectory	>= 8.7.3, < 8.7.3.10

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/32111Third Party Advisory
http://securityreason.com/securityalert/4405Third Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.PatchVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.PatchVendor Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=Vendor Advisory
http://www.securityfocus.com/archive/1/497164/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020989Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/2738Third Party Advisory
http://www.zerodayinitiative.com/advisories/ZDI-08-064Third Party AdvisoryVDB Entry
http://secunia.com/advisories/32111Third Party Advisory
http://securityreason.com/securityalert/4405Third Party Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.PatchVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.PatchVendor Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=Vendor Advisory
http://www.securityfocus.com/archive/1/497164/100/0/threadedThird Party AdvisoryVDB Entry

FAQ

What is CVE-2008-4479?

CVE-2008-4479 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-L...

How severe is CVE-2008-4479?

CVE-2008-4479 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-4479?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.