On 10/27/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability since October 26, 2006 by Digital Vaccine protection
> filter ID 4519. For further product information on the TippingPoint IPS:

<snip>

> The specific flaw exists within the httpstk.dll library within the
> dhost.exe web interface of the eDirectory Host Environment. The web
> interface does not validate the length of the HTTP Host header prior to
> using the value of that header in an HTTP redirect. This results in an
> exploitable stack-based buffer overflow.

This 0day was reported on 10/20/06 here http://www.mnin.org/advisories/2006_novell_httpstk.pdf. Seems that your initiative has fallen a bit behind. Your customers had to wait for you to realize this had already been released and a signature was added to Bleeding Snort on 10/23.

It's also a bit odd that Novell released the updates on 10/20/06, the same day as the MNIN advisory. Based on the time line it looks like the whole thing might have been ripped off.....

Cheers,
Matt

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
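
The flaw quoted above is a missing length check on the HTTP Host header before it is used in a redirect. As an added illustration (not part of the original post and not Novell's code), the C below bounds and validates the header before building the Location line; the function names, the 255-byte cap and the redirect format are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOST 255  /* assumed cap; a DNS name plus port fits within it */

/* Case-insensitive match for the "Host:" field name at p. */
static int is_host_field(const char *p)
{
    for (const char *k = "host:"; *k; k++, p++)
        if (tolower((unsigned char)*p) != *k) return 0;
    return 1;
}

/* Copy the Host value from a raw request into out (NUL-terminated).
 * Returns 0 on success, -1 if absent, over-long, or holding unexpected bytes. */
int get_host(const char *req, char *out, size_t outsz)
{
    const char *p = req;
    while ((p = strstr(p, "\r\n")) != NULL) {
        p += 2;
        if (p[0] == '\r' && p[1] == '\n') break;        /* end of headers */
        if (!is_host_field(p)) continue;
        for (p += 5; *p == ' ' || *p == '\t'; p++) ;     /* skip leading blanks */
        size_t n = strcspn(p, "\r\n");
        if (n == 0 || n > MAX_HOST || n >= outsz) return -1;  /* length check before any copy */
        for (size_t i = 0; i < n; i++)
            if (!isalnum((unsigned char)p[i]) && !strchr(".-:[]", p[i])) return -1;
        memcpy(out, p, n);
        out[n] = '\0';
        return 0;
    }
    return -1;
}

/* Build the redirect into resp; returns the status code (resp is unusable on 500). */
int build_redirect(const char *req, const char *path, char *resp, size_t respsz)
{
    char host[MAX_HOST + 1];
    if (get_host(req, host, sizeof host) != 0) {
        snprintf(resp, respsz, "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n");
        return 400;
    }
    int n = snprintf(resp, respsz,
                     "HTTP/1.1 302 Found\r\nLocation: http://%s%s\r\n"
                     "Content-Length: 0\r\n\r\n", host, path);
    if (n < 0 || (size_t)n >= respsz) return 500;  /* truncated: do not send */
    return 302;
}
```

The character allow-list also keeps CR and LF out of the Location line, so a rejected header fails closed with a 400 instead of reaching the redirect.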