Buffer overflow vulnerability against eDirectory 8.7.3 imonitor on Windows
Novell eDirectory 8.7 for Windows NT
Novell eDirectory 8.7 for Windows 2000
Novell eDirectory 8.7.1 for Windows NT
Novell eDirectory 8.7.1 for Windows 2000
Novell eDirectory 8.7.3 for Windows 2000
Novell eDirectory 8.7.3 for Windows 2003
Novell eDirectory 8.7.3 for Windows NT
This vulnerability will cause dhost.exe to crash causing a denial of service and can allow access to files.
Apply edir873ptf_imon1.exe available at Novell Support Site to resolve the vulnerability. This fix should be applied to eDirectory 8.7.3 IR4 or 8.7.3 IR6. The fix will be included in IR7. See TID 2972038 for the patch. Versions of eDirectory prior to 8.7.3 should upgrade eDirectory to 8.7.3 then apply the latest version service pack available at on Novell's Support Site www.novell.com/support
This vulnerability was reported by NGS Software NGS
Expansion of vulnerability reported by David Gloede, Michael Ligh, Ryan Smith and Amanda Wright.
CERT VU# 213165