CVE-2012-0432

NetIQ eDirectory <8.8.7.2 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-0432. PoCs published by Metasploit, Gary Nilson, David Klein, Gary Nilson, juan vazquez, including Metasploit module exploits/linux/misc/novell_edirectory_ncp_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in Novell eDirectory's ndsd daemon via a crafted Keyed Object Login request, allowing remote code execution with root privileges. The exploit constructs a malicious NCP packet to overwrite EIP and execute payload.

Description

Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/24323

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Novell eDirectory's ndsd daemon via a crafted Keyed Object Login request, allowing remote code execution with root privileges. The exploit constructs a malicious NCP packet to overwrite EIP and execute payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Novell eDirectory 8.8.7 v20701.33 on SLES 10 SP3

No auth needed

Prerequisites: Network access to port 524 (NCP) · Target running vulnerable Novell eDirectory version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC

by Gary Nilson · textremotelinux

https://www.exploit-db.com/exploits/24205

View Code ZIP pw:eip

This is a functional remote exploit for CVE-2012-0432, targeting a stack-based buffer overflow in Novell NCP. It achieves remote code execution by sending a crafted payload to bind a shell on port 5074.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: NetIQ eDirectory 8.8.7.x before 8.8.7.2

No auth needed

Prerequisites: Network access to the target's NCP service (port 524) · Target running vulnerable version of NetIQ eDirectory

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by David Klein, Gary Nilson, juan vazquez · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Novell eDirectory's NCP service via a crafted Keyed Object Login request, allowing remote code execution with root privileges. It targets a specific version of Novell eDirectory on SLES 10 SP3.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Novell eDirectory 8.8.7 v20701.33 on SLES 10 SP3

No auth needed

Prerequisites: Network access to port 524 (NCP) · Target running vulnerable Novell eDirectory version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/kb/doc.php?id=3426981

Issue Tracking x_refsource_confirm

https://bugzilla.novell.com/show_bug.cgi?id=785272

Scores

EPSS 0.5870

EPSS Percentile 99.0%

Details

CWE

CWE-119

Status published

Products (2)

microfocus/edirectory 8.8.7.0

microfocus/edirectory 8.8.7.1

Published Dec 25, 2012

Tracked Since Feb 18, 2026