Tuesday, March 25, 2008 8:41 AM cmosby

Novell eDirectory LDAP Extended Request Message Processing Buffer Overflow - Advisories - Secunia

 


Secunia Advisory:
SA29476

Release Date:
2008-03-25

Critical:
Moderately critical

Impact:
DoS
System access

Where:
From local network

Solution Status:
Vendor Patch

Software:
Novell eDirectory 8.x

Description:
A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused by a boundary error in the processing of LDAP Extended Request messages and can be exploited to cause a stack-based buffer overflow via a large LDAP Extended Request message.

Successful exploitation may allow execution of arbitrary code.

The vulnerability affects the following versions on Solaris, Windows 2000/2003, and Linux systems:
* Novell eDirectory 8.8.1 and prior
* Novell eDirectory 8.7.3.9 and prior
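
For servers that cannot be patched immediately, a network-side check can flag unusually large LDAP Extended Requests. The following is an added example, not part of the advisory or any vendor code: it reads the BER headers of an LDAPMessage (RFC 4511 layout) and reports the declared sizes of requestName and requestValue. The 4096-byte limit, the function names and the sample bytes are assumptions; the advisory does not state which field or size triggers the overflow.

```python
# Added example: flag oversized LDAP ExtendedRequest PDUs by declared BER length.
MAX_FIELD = 4096          # assumed site policy limit, not a value from the advisory
EXTENDED_REQ = 0x77       # [APPLICATION 23], constructed (RFC 4511)

def read_tlv(buf, off):
    """Return (tag, value_start, declared_value_end) for the TLV at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        return tag, off, off + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or off + n > len(buf):
        raise ValueError("unsupported or truncated length")
    return tag, off + n, off + n + int.from_bytes(buf[off:off + n], "big")

def inspect_extended_request(pdu, limit=MAX_FIELD):
    """Return None for other operations, else declared sizes and a verdict."""
    tag, start, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, _, off = read_tlv(pdu, start)     # messageID INTEGER
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, off, op_end = read_tlv(pdu, off)  # protocolOp
    if tag != EXTENDED_REQ:
        return None
    info = {"oid": None, "name_len": 0, "value_len": 0}
    # Walk requestName [0] and requestValue [1]; a capture may hold headers only.
    while off < min(op_end, len(pdu)):
        tag, vstart, vend = read_tlv(pdu, off)
        if tag == 0x80:
            info["oid"] = pdu[vstart:vend].decode("ascii", "replace")
            info["name_len"] = vend - vstart
        elif tag == 0x81:
            info["value_len"] = vend - vstart
        off = vend
    info["oversized"] = max(info["name_len"], info["value_len"]) > limit
    return info

# Constructed samples: a StartTLS request, and the first 25 bytes of a PDU
# whose header declares a 65536-byte requestValue (body not included).
STARTTLS = bytes.fromhex("301d02010177188016") + b"1.3.6.1.4.1.1466.20037"
LARGE_HDR = (bytes.fromhex("3083010014020102778301000c8005") + b"1.2.3"
             + bytes.fromhex("8183010000"))
```

Because the check uses declared lengths from the headers, it works on the first segment of a request and does not need the full body to be captured.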

Solution:
Update to version 8.8.2 or apply eDirectory 8.7.3 sp10.
http://download.novell.com/

Provided and/or discovered by:
The vendor credits the Zero Day Initiative.

Original Advisory:
Novell (3382120):
https://secure-support.novell.com/Kan...lishing/411/3382120_f.SAL_Public.html

Source: Novell eDirectory LDAP Extended Request Message Processing Buffer Overflow - Advisories - Secunia
