Buffer Overflow Vulnerability in iMonitor 2.4 for eDirectory 8.8

  • 3006549
  • 23-Jun-2006
  • 26-Apr-2012


Novell eDirectory 8.8 for Windows 2003
Novell eDirectory 8.8 for Windows 2000


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory 8.8.  On Windows, it can also cause the dhost.exe process named "NDS Service" to crash.


Apply ndsimonitor patch, edir88ptf_imon.tgz or newer available onhttps://support.novell.com/filefinder
Patch contains a new version of ndsimonitor for all supported platforms due to changes in common code, but vulnerability has only been detected on Windows.


Security Alert

Additional Information

ZDI-06-016:  Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability


The vulnerability was reported by CIRT.DK through TippingPoint and the Zero Day Initiative.

Vulnerability expansion research reported by David Gloede, Michael Ligh, Ryan Smith and Amanda Wright.