Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

eDirectory < 8.8 SP3 FTF3 iMonitor Crafted HTTP Request Overflow



The remote host is vulnerable to a buffer overflow.


The remote host is running eDirectory, a directory service software from Novell. The iMonitor component included with the installed version is affected by a buffer overflow vulnerability. By sending a specially crafted HTTP request to the iMonitor component with a malformed 'Accept-Language' header, it may be possible for a remote attacker to execute arbitrary code on the remote system.

NOTE: The iMonitor service is an optional package. PVS has determined this vulnerability by looking at the vendor version number within LDAP queries. Given this, if the iMonitor service is not running, then the system is not vulnerable.


Upgrade to version 8.8 SP3 with FTF3 or higher.