Novell eDirectory NCP KeyedObjectLogin Function Vulnerability

Added: 02/07/2013
CVE: CVE-2012-0432
BID: 57038
OSVDB: 88718

Background

Novell eDirectory is a directory server which implements the NetWare Core Protocol (NCP) to synchronize data changes between the servers in a directory service tree. NCP is used to access file, print, directory, clock synchronization, messaging, remote command execution and other network service functions. TCP/IP implementations use TCP port 524.

Problem

Novell eDirectory versions prior to 8.8.7.2 and 8.8.6.7 are vulnerable to a stack-based buffer overflow in the NCP implementation, caused by improper validation of user-supplied input to the KeyedObjectLogin function. The vulnerable process runs as root by default, so a remote unauthenticated attacker who successfully exploits the flaw could execute arbitrary code on the affected system as the root user.

Resolution

Update to Novell eDirectory version 8.8.7.2 or 8.8.6.7.
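
The two fixed releases sit on separate branches, so a single "older than 8.8.7.2" comparison would wrongly flag a patched 8.8.6.7 server. The following inventory check is an added example, not part of the original advisory or of any Novell tool; it assumes versions are recorded as dotted strings in the form the advisory uses, and the host names are constructed.

```python
# Fixed releases named in the advisory, keyed by release branch.
FIXED_PATCH = {(8, 8, 7): 2, (8, 8, 6): 7}


def parse_version(text):
    """Turn '8.8.7.1' into (8, 8, 7, 1); missing trailing fields count as 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def is_vulnerable(text):
    """True if the version predates the fix for its branch."""
    version = parse_version(text)
    branch, patch = version[:3], version[3]
    if branch in FIXED_PATCH:
        return patch < FIXED_PATCH[branch]
    # Assumption: branches older than 8.8.6 count as "prior" and are flagged;
    # branches newer than 8.8.7 are not flagged, since the advisory only
    # names prior versions as affected.
    return branch < min(FIXED_PATCH)


def triage(inventory):
    """Map each host to 'update', 'ok' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "update" if is_vulnerable(version) else "ok"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "dir-a.example": "8.8.7",      # version named under Limitations
    "dir-b.example": "8.8.7.2",    # fixed on the 8.8.7 branch
    "dir-c.example": "8.8.6.7",    # fixed on the 8.8.6 branch
    "dir-d.example": "8.8.6.6",
    "dir-e.example": "8.8 SP7",    # not a dotted version: needs manual review
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.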

References

http://www.novell.com/support/kb/doc.php?id=3426981
http://secunia.com/advisories/51667/

Limitations

This exploit was tested against Novell eDirectory 8.8.7 on CentOS 6 with Exec-Shield enabled.

Platforms

Linux
