TROYANOSYVIRUS
Retour aux CVEs

CVE-2008-5038

CRITICAL
9.8

Description

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie11/12/2008
Derniere modification4/9/2025
Sourcenvd
Observations honeypot0

Produits affectes

novell:edirectory

Faiblesses (CWE)

CWE-416

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748(cve@mitre.org)
http://osvdb.org/48206(cve@mitre.org)
http://secunia.com/advisories/32395(cve@mitre.org)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html(cve@mitre.org)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html(cve@mitre.org)
http://www.novell.com/support/viewContent.do?externalId=3426981(cve@mitre.org)
http://www.securityfocus.com/bid/31956(cve@mitre.org)
http://www.securitytracker.com/id?1021117(cve@mitre.org)
http://www.vupen.com/english/advisories/2008/2937(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138(cve@mitre.org)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/48206(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32395(af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html(af854a3a-2127-422b-91ae-364da2661108)
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/support/viewContent.do?externalId=3426981(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/31956(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021117(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/2937(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46138(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.