CVE-2008-3159 - Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b a

CVE-2008-3159

Summary

Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."

References

Vulnerable Configurations

cpe:2.3:a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:novell:edirectory:8.7.3:*:*:*:*:*:*:*
cpe:2.3:a:novell:edirectory:8.8:*:*:*:*:*:*:*
cpe:2.3:a:novell:edirectory:8.8:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 08-08-2017 - 01:31)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	30085
confirm	http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858
misc	http://www.zerodayinitiative.com/advisories/ZDI-08-041/
sectrack	1020431
secunia	30938
vupen	ADV-2008-1999
xf	novell-edirectory-dsdlm-bo(43589)

Last major update

08-08-2017 - 01:31

Published

14-07-2008 - 18:41

Last modified

08-08-2017 - 01:31