TROYANOSYVIRUS
Back to CVEs

CVE-2008-5038

CRITICAL
9.8

Description

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/12/2008
Last Modified4/9/2025
Sourcenvd
Honeypot Sightings0

Affected Products

novell:edirectory

Weaknesses (CWE)

CWE-416

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748(cve@mitre.org)
http://osvdb.org/48206(cve@mitre.org)
http://secunia.com/advisories/32395(cve@mitre.org)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html(cve@mitre.org)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html(cve@mitre.org)
http://www.novell.com/support/viewContent.do?externalId=3426981(cve@mitre.org)
http://www.securityfocus.com/bid/31956(cve@mitre.org)
http://www.securitytracker.com/id?1021117(cve@mitre.org)
http://www.vupen.com/english/advisories/2008/2937(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138(cve@mitre.org)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/48206(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32395(af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html(af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/support/viewContent.do?externalId=3426981(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31956(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021117(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2937(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.