On 10/27/06, zdi-disclosures@xxxxxxxx <zdi-disclosures@xxxxxxxx> wrote:
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since October 26, 2006 by Digital Vaccine protection filter ID 4519. For further product information on the TippingPoint IPS:
<snip>
The specific flaw exists within the httpstk.dll library within the dhost.exe web interface of the eDirectory Host Environment. The web interface does not validate the length of the HTTP Host header prior to using the value of that header in an HTTP redirect. This results in an exploitable stack-based buffer overflow.
This 0day was reported on 10/20/06 here http://www.mnin.org/advisories/2006_novell_httpstk.pdf. Seems that your initiative has fallen a bit behind. Your customers had to wait for you to realize this had already been released and a signature was added to Bleeding Snort on 10/23. It's also a bit odd that Novell released the updates on 10/20/06, the same day as the MNIN advisory. Based on the time line it looks like the whole thing might have been ripped off..... Cheers, Matt
