CVE-2008-5038 — CRITICAL (9.8)

Q: How severe is CVE-2008-5038?

CVE-2008-5038 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2008-5038?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.

Vulnerability Description

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Novell	Edirectory	< 8.7.3

Related Weaknesses (CWE)

CWE-416

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748Broken Link
http://osvdb.org/48206Broken Link
http://secunia.com/advisories/32395Broken LinkVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.Broken LinkPatchVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.Broken LinkPatch
http://www.novell.com/support/viewContent.do?externalId=3426981Broken Link
http://www.securityfocus.com/bid/31956Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1021117Broken LinkThird Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/2937Broken LinkVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138Third Party AdvisoryVDB Entry
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748Broken Link
http://osvdb.org/48206Broken Link
http://secunia.com/advisories/32395Broken LinkVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.Broken LinkPatchVendor Advisory
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.Broken LinkPatch

FAQ

What is CVE-2008-5038?

CVE-2008-5038 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of serv...

How severe is CVE-2008-5038?

CVE-2008-5038 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2008-5038?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.