Vulnerabilities > CVE-2005-2551 - Unspecified vulnerability in Novell Edirectory 8.7.3

047910
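CVSS 0.0 - NONE (every metric below is UNKNOWN, so this reads as an unscored record rather than an assessment of no impact; the Nessus plugin further down this page carries the CVSS2 vector AV:N/AC:L/Au:N/C:C/I:C/A:C)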
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
novell
nessus
exploit available
metasploit

Summary

Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Novell
1

Exploit-Db

  • description: eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow. CVE-2005-2551. Remote exploit for windows platform
    id: EDB-ID:16769
    last seen: 2016-02-02
    modified: 2010-07-13
    published: 2010-07-13
    reporter: metasploit
    source: https://www.exploit-db.com/download/16769/
    title: eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow
  • description: Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow. CVE-2005-2551. Remote exploit for windows platform
    id: EDB-ID:1152
    last seen: 2016-01-31
    modified: 2005-08-12
    published: 2005-08-12
    reporter: N/A
    source: https://www.exploit-db.com/download/1152/
    title: Novell eDirectory 8.7.3 iMonitor Remote Stack Overflow

Metasploit

description: This module exploits a stack buffer overflow in eDirectory 8.7.3 iMonitor service. This vulnerability was discovered by Peter Winter-Smith of NGSSoftware. NOTE: repeated exploitation attempts may cause eDirectory to crash. It does not restart automatically in a default installation.
id: MSF:EXPLOIT/WINDOWS/HTTP/EDIRECTORY_IMONITOR
last seen: 2020-03-06
modified: 2017-07-24
published: 2005-12-26
references: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2551
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/edirectory_imonitor.rb
title: eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow

Nessus

NASL family: Gain a shell remotely
NASL id: EDIRECTORY_IMONITOR_OVERFLOW.NASL
description: The remote host is running a version of eDirectory iMonitor that is vulnerable to a remote buffer overflow. An attacker may exploit this flaw to execute arbitrary code on the remote host or to disable this service remotely. To exploit this flaw, an attacker would need to send a specially crafted packet to the remote service.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19428
published: 2005-08-12
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19428
title: Novell eDirectory Server iMonitor Multiple Remote Overflows
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration phase: when the scanner sets `description`, this block only
# declares the plugin's metadata and then exits, so no traffic is sent from here.
if (description)
{
 script_id(19428);
 script_version("1.19");
 script_cvs_date("Date: 2018/07/10 14:27:33");

 # One plugin covers two CVE entries and two Bugtraq IDs; a finding from this
 # plugin does not tell the reader which of the two was triggered.
 script_cve_id("CVE-2005-2551", "CVE-2006-2496");
 script_bugtraq_id(14548, 18026);

 script_name(english:"Novell eDirectory Server iMonitor Multiple Remote Overflows");
 script_summary(english:"Checks for a buffer overflow in eDirectory iMonitor");
 
 script_set_attribute(attribute:"synopsis", value:
"The remote web server is affected by a buffer overflow vulnerability.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of eDirectory iMonitor that is
vulnerable to a remote buffer overflow.  An attacker may exploit this
flaw to execute arbitrary code on the remote host or to disable this
service remotely. 

To exploit this flaw, an attacker would need to send a specially
crafted packet to the remote service.");
 # NOTE(review): the "solution" field holds only advisory URLs and no
 # remediation text; the fix has to be looked up through these links.
 script_set_attribute(attribute:"solution", value:
"http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098568.htm
http://www.zerodayinitiative.com/advisories/ZDI-06-016.html
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973759.htm");
 # CVSS v2 base vector: network-reachable, low complexity, no authentication,
 # complete impact on confidentiality, integrity and availability.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 # CVSS v2 temporal vector: functional exploit code exists, an official fix
 # is available, and the report is confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"metasploit_name", value:'eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow');
 script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2005/08/12");
 script_set_attribute(attribute:"vuln_publication_date", value: "2005/08/11");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:edirectory");
 script_end_attributes();
 
 # ACT_DENIAL: the check part of this script decides by whether the web
 # service stops responding after the probe, so a positive result means the
 # service on the scanned host went down.
 # NOTE(review): scanners normally exclude this category under a safe-checks
 # policy; confirm against the scan policy in use.
 script_category(ACT_DENIAL);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Gain a shell remotely");

 # Requires the HTTP fingerprinting plugin to run first.
 script_dependencie("http_version.nasl");
 # Candidate ports: any detected web service plus four fixed ports
 # (presumably the iMonitor HTTP/HTTPS listeners; confirm for the deployment).
 script_require_ports("Services/www", 8008, 8010, 8028, 8030);
 exit(0);
}

# Check starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");


# Pick the web port to test; 8008 is the default passed to get_http_port().
www_port = get_http_port(default:8008, embedded:TRUE);

# Scope gate: continue only when the Server header carries an
# HttpStk/<major>.<minor> token; any other web server is left alone.
srv_banner = get_http_banner(port:www_port);
is_imonitor = egrep(pattern:"Server: .*HttpStk/[0-9]+\.[0-9]+", string:srv_banner);
if (!is_imonitor)
{
  exit(0, "The web server on port "+www_port+" is not eDirectory iMonitor.");
}

# Baseline liveness: if the service is unresponsive before the probe, a later
# outage could not be attributed to it, so stop with an error instead.
if (http_is_dead(port:www_port))
{
  exit(1, "The web server on port "+www_port+" is already dead.");
}

# Intrusive step (the plugin is registered as ACT_DENIAL): a single GET whose
# path is "/nds/" followed by 0x1500 filler bytes. exit_on_fail is 0 because a
# missing reply is the expected outcome on a vulnerable host.
oversized_path = "/nds/" + crap(data:"A", length:0x1500);
reply = http_send_recv3(method:"GET", item:oversized_path, port:www_port, exit_on_fail: 0);

# Detection is by outcome only: the reply is never inspected, and the finding
# is raised when the service stays unresponsive across the retries. A positive
# result therefore means the service on the scanned host is down and needs a
# restart; run this check only where that outage is acceptable.
# NOTE(review): an unrelated outage between the two liveness checks would be
# reported as a finding as well.
if (http_is_dead(port:www_port, retry: 3))
{
  security_hole(www_port);
}

Packetstorm

data source: https://packetstormsecurity.com/files/download/82943/edirectory_imonitor.rb.txt
id: PACKETSTORM:82943
last seen: 2016-12-05
published: 2009-11-26
reporter: anonymous
source: https://packetstormsecurity.com/files/82943/eDirectory-8.7.3-iMonitor-Remote-Stack-Overflow.html
title: eDirectory 8.7.3 iMonitor Remote Stack Overflow

Saint

bid: 14548
description: Novell eDirectory iMonitor buffer overflow
id: web_tool_edirectorybo
osvdb: 18703
title: edirectory_imonitor_bo
type: remote