Vulnerabilities > CVE-2008-0927 - Resource Management Errors vulnerability in Microsoft Windows-Nt 2000/2003

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
novell
microsoft
CWE-399
nessus
exploit available
NVD
Published: 2008-04-14
Updated: 2018-10-31

Summary

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.

Vulnerable Configurations

Part Description Count
Application
Novell
1
OS
Microsoft
2

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionNovell eDirectory < 8.7.3 SP 10 / 8.8.2 HTTP headers DOS Vulnerability. CVE-2008-0927. Dos exploit for windows platform
fileexploits/windows/dos/5547.txt
idEDB-ID:5547
last seen2016-01-31
modified2008-05-05
platformwindows
port
published2008-05-05
reporterNicob
sourcehttps://www.exploit-db.com/download/5547/
titleNovell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers DoS Vulnerability
typedos

Nessus

NASL familyDenial of Service
NASL idEDIRECTORY_HTTP_CONNECTION_HEADER_DOS.NASL
descriptionThe remote host is running eDirectory, a directory service software from Novell. The installed version of eDirectory is affected by a denial of service issue. By sending an HTTP request with a specially crafted
last seen2020-06-01
modified2020-06-02
plugin id31863
published2008-04-16
reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/31863
titleNovell eDirectory Host Environment Service (dhost.exe) HTTP Connection Header DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31863);
  script_version("1.16");
  script_cvs_date("Date: 2018/11/15 20:50:21");

  script_cve_id("CVE-2008-0927");
  script_bugtraq_id(28757);

  script_name(english:"Novell eDirectory Host Environment Service (dhost.exe) HTTP Connection Header DoS");
  script_summary(english:"Checks version from an ldap search");
 
  script_set_attribute(attribute:"synopsis", value:
"The remote directory service is affected by a denial of service issue.");
  script_set_attribute(attribute:"description", value:
"The remote host is running eDirectory, a directory service software
from Novell. 

The installed version of eDirectory is affected by a denial of service
issue. By sending an HTTP request with a specially crafted
'Connection' header to the server, an unauthenticated attacker may be
able to trigger a denial of service condition causing dhost.exe to
consume 100% of the CPU and crash the system.");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3eebe0a9");
  script_set_attribute(attribute:"solution", value:"Upgrade to eDirectory 8.8.2/8.7.3 SP10 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(399);

  script_set_attribute(attribute:"plugin_publication_date", value: "2008/04/16");

  script_set_attribute(attribute:"plugin_type", value: "remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:edirectory");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");
  script_dependencies("http_version.nasl", "ldap_search.nasl", "os_fingerprint.nasl");
  script_require_keys("Services/ldap");
  script_require_ports(8008,8028,8010,8030);

  exit(0);
}


os = get_kb_item_or_exit("Host/OS");
if ("Windows" >!< os) exit(0, "The remote host is not running Windows.");

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

port =  get_http_port(default:8008); # Cleartext http port on eDirectory 8.7.3

ldap_port = NULL;
ldap_port = get_kb_item_or_exit("Services/ldap");

edir_ldap = get_kb_item(string("LDAP/",ldap_port,"/vendorVersion"));
edir_product = strstr(edir_ldap,"Novell eDirectory");
edir_product = edir_product - strstr(edir_product , "(");

if ( isnull(edir_ldap) || "Novell eDirectory" >!< edir_ldap ) exit(0);

edir_ldap_ver = NULL;

if ("Novell eDirectory 8.7.3" >< edir_ldap)
 {
  edir_ldap_ver = eregmatch(pattern:"^LDAP Agent for Novell eDirectory ([0-9])\.([0-9])\.([0-9])\.*([0-9]*) *\([0-9]+\.[0-9]+\)$", string:edir_ldap);  
  # KB entries
  # LDAP Agent for Novell eDirectory 8.7.3.10 (10555.95) # patched
  # LDAP Agent for Novell eDirectory 8.7.3 (10552.72)    # unpatched

  if ((isnull(edir_ldap_ver[4]) || int(edir_ldap_ver[4]) < 10))
   {
     if(report_verbosity)
      {
        report = string(
          "\n",
	  " ",edir_product," is installed on the remote host.\n"
        );
        security_hole(port:port, extra:report);
      }	
     else	
     security_hole(port); 
   }  
 }

else if ("Novell eDirectory 8.8" >< edir_ldap)
{
 # KB entries
 # LDAP Agent for Novell eDirectory 8.8 (20114.35) # unpatched 
 # LDAP Agent for Novell eDirectory 8.8 SP1 (20114.57) unpatched
 # LDAP Agent for Novell eDirectory 8.8 SP2 (20216.46) # patched
 
     if  ("Novell eDirectory 8.8 SP2" >< edir_ldap) exit(0);
 else if ( ereg(pattern:"^LDAP Agent for Novell eDirectory 8.8 *SP1 *\(([0-9]+)\.([0-9]+)\)$",string:edir_ldap)	||
	   ereg(pattern:"^LDAP Agent for Novell eDirectory 8.8 *\(([0-9]+)\.([0-9]+)\)$",string:edir_ldap)
         )
          { 
            if(report_verbosity)
            {
              report = string(
              "\n",
              " ",edir_product," is installed on the remote host.\n"
              );
              security_hole(port:port, extra:report);
            }
            else
  	    security_hole(port); 
  	    exit (0);
    	} 
}

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/66027/novelledir-dos.txt
idPACKETSTORM:66027
last seen2016-12-05
published2008-05-06
reporterNicob
sourcehttps://packetstormsecurity.com/files/66027/novelledir-dos.txt.html
titlenovelledir-dos.txt

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 28757 CVE(CAN) ID: CVE-2008-0927 Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory的dhost.exe服务在处理HTTP请求中的Connection头时存在漏洞,如果远程攻击者向该服务发送了多个特制的HTTP请求的话,就可能导致耗尽大量CPU资源。 Novell eDirectory &lt;= 8.8.1 Novell eDirectory &lt;= 8.7.3.9 Novell ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://download.novell.com/ target=_blank>http://download.novell.com/</a>
    idSSV:3169
    last seen2017-11-19
    modified2008-04-15
    published2008-04-15
    reporterRoot
    titleNovell eDirectory HTTP Connection头拒绝服务漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:8416
    last seen2017-11-19
    modified2008-05-10
    published2008-05-10
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-8416
    titleNovell eDirectory &lt; 8.7.3 SP 10 / 8.8.2 HTTP headers DOS Vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:65373
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-65373
    titleNovell eDirectory < 8.7.3 SP 10 / 8.8.2 - HTTP headers DoS Vulnerability

References