Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability

To: "zdi-disclosures@xxxxxxxx" <zdi-disclosures@xxxxxxxx>
Subject: Re: [Full-disclosure] ZDI-06-035: Novell eDirectory NDS Server Host Header Buffer Overflow Vulnerability
From: "Matt Richard" <matt.richard@xxxxxxxxx>
Date: Fri, 27 Oct 2006 23:35:35 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=qgyLd+8VWq0Bvn0568XS55Fnl2TY6S1uJ+YeCMGtnCjNlAVfl4/V7C8JbTYi7KDX28IuJSCqYOUccXHt0VsChy+JhhVtcAGJvsFzGdIqHEVNor54vwl/5aNdMy+loFq4G69VI/KpkXN+Iz6U7ZnSWlzDR0cJet1Vry04Mh1i6sU=
In-reply-to: <CHILKAT-MID-7295601f-ad2a-4f0b-bde4-34d1a51dbda0@xxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <CHILKAT-MID-7295601f-ad2a-4f0b-bde4-34d1a51dbda0@xxxxxxxxxxxxxxxxxxxxxxxxx>

On 10/27/06, zdi-disclosures@xxxxxxxx <zdi-disclosures@xxxxxxxx> wrote:

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since October 26, 2006 by Digital Vaccine protection
filter ID 4519. For further product information on the TippingPoint IPS:

<snip>

The specific flaw exists within the httpstk.dll library within the
dhost.exe web interface of the eDirectory Host Environment. The web
interface does not validate the length of the HTTP Host header prior to
using the value of that header in an HTTP redirect. This results in an
exploitable stack-based buffer overflow.


This 0day was reported on 10/20/06 here
http://www.mnin.org/advisories/2006_novell_httpstk.pdf.

Seems that your initiative has fallen a bit behind.  Your customers
had to wait for you to realize this had already been released and a
signature was added to Bleeding Snort on 10/23.

It's also a bit odd that Novell released the updates on 10/20/06, the
same day as the MNIN advisory.

Based on the time line it looks like the whole thing might have been
ripped off.....

Cheers,

Matt

Prev by Date: [OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress)
Next by Date: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
Previous by thread: [OpenPKG-SA-2006.027] OpenPKG Security Advisory (wordpress)
Next by thread: CentiPaid <= 1.4.2 [$class_pwd] Remote File Include
Index(es):
- Date
- Thread