Skip to main content

Edirectory CVE-2012-0432

CRITICAL
Buffer Overflow (CWE-119)
2012-12-25 cve@mitre.org
10.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Dec 25, 2012 - 12:13 cve.org
CRITICAL 10.0

DescriptionCVE.org

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.

AnalysisAI

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 85.2%.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors. Affected products include: Microfocus Edirectory. Version information: before 8.8.7.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2014-5213 MEDIUM POC
4.0 Dec 19

nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9167 HIGH
7.5 Mar 23

NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, whi

CVE-2017-5186 HIGH
7.5 Apr 27

Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch

CVE-2016-5747 HIGH
7.5 Mar 23

A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 a

CVE-2018-17950 HIGH
7.5 Dec 12

Incorrect enforcement of authorization checks in eDirectory prior to 9.1 SP2. Rated high severity (CVSS 7.5), this vulne

CVE-2018-7686 HIGH
7.5 Aug 09

Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. Rated high severity (

CVE-2018-12461 HIGH
7.5 Jul 10

Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. Rated high severity (CVSS 7.5),

CVE-2018-1346 HIGH
7.5 Mar 21

Addresses denial of service attack to eDirectory versions prior to 9.1. Rated high severity (CVSS 7.5), this vulnerabili

CVE-2014-5212 MEDIUM
4.3 Dec 19

Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allo

CVE-2016-9168 MEDIUM
6.5 Mar 23

A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in Novell eDirectory before 9.0.2 could be used by r

CVE-2012-0430 MEDIUM
6.4 Dec 25

Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote

CVE-2018-17952 MEDIUM
6.1 Dec 12

Cross site scripting vulnerability in eDirectory prior to 9.1 SP2. Rated medium severity (CVSS 6.1), this vulnerability

Share

CVE-2012-0432 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy