Vulnerabilities > CVE-2006-4177 - Remote Heap Overflow vulnerability in Novell eDirectory NCP Packet Processing

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

novell

NVD

Published: 2006-10-24

Updated: 2017-07-20

Summary

Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Edirectory 8.8 Novell Edirectory - Novell Edirectory 8.0 Novell Edirectory 8.5 Novell Edirectory 8.5.12A Novell Edirectory 8.5.27 Novell Edirectory 8.6.2 Novell Edirectory 8.7 Novell Edirectory 8.7.1 Novell Edirectory 8.7.3 Novell Edirectory 8.7.3.8 Novell Edirectory 8.7.3.10 Novell Edirectory 8.8.1	25

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426
http://secunia.com/advisories/22506
http://securitytracker.com/id?1017104
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm
http://www.securityfocus.com/bid/20664
http://www.vupen.com/english/advisories/2006/4142
https://exchange.xforce.ibmcloud.com/vulnerabilities/29768