6507.txt

This is the snapshot of Snot Latest Rules

Rule: 

--
Sid: 
6507

-- 
Summary: 
This event is generated when an attempt is made to exploit a known vulnerability in Novell eDirectory Server.

-- 
Impact: 
Serious. Execution of code is possible.

--
Detailed Information:
Novell eDirectory Server contains a vulnerability that may allow an attacker to overflow a fixed length buffer and execute code of their choosing on an affected server.

The vulnerability exists in the iMonitor NDS server and may be exploited via a specially crafted uri to the service.

NOTE
For this rule to operate correctly port 8028 must be added to the server configuration of http_inspect.
NOTE

--
Affected Systems:
Novell iMonitor 2.4
Novell eDirectory 8.8

--
Attack Scenarios: 
An attacker can supply a long uri to the affected service to overflow a fixed length buffer and then include code of their choosing to be executed in the context of the administrative account.

-- 
Ease of Attack: 
Simple

-- 
False Positives:
None known.

--
False Negatives:
None known.

-- 
Corrective Action: 
Upgrade to the latest non-affected version of the software

--
Contributors:
Sourcefire Vulnerability Research Team
Kevin Shivers <kevin.shivers@sourcefire.com>
Matthew Watchinski <matthew.watchinski@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--