Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
BID:26285
Info
Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
| Bugtraq ID: | 26285 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-5767 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 31 2007 12:00AM |
| Updated: | Nov 01 2007 07:06PM |
| Credit: | uvinc is credited with the discovery of this vulnerability. |
| Vulnerable: |
Novell BorderManager 3.8 |
| Not Vulnerable: | |
Discussion
Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
Novell BorderManager is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
This issue affects BorderManager 3.8; other versions may also be vulnerable.
Novell BorderManager is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
This issue affects BorderManager 3.8; other versions may also be vulnerable.
Exploit / POC
Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
Solution:
Novell has released an advisory along with a fix to address this issue. Please see the references for more information.
Solution:
Novell has released an advisory along with a fix to address this issue. Please see the references for more information.
References
Novell BorderManager Client Trust Heap Based Buffer Overflow Vulnerability
References:
References:
- BorderManager 3.8 Client Trust Security Update1 1.5 (Novell)
- Novell Homepage (Novell)
- ZDI-07-064 Novell Client Trust Heap Overflow Vulnerability (Zero Day Initiative)