Environment
Novell eDirectory 8.8 for Windows 2003
Novell eDirectory 8.8 for Windows 2000
Situation
This vulnerability allows remote attackers to execute arbitrary
code on vulnerable installations of Novell eDirectory 8.8. On
Windows, it can also cause the dhost.exe process named "NDS
Service" to crash.
Resolution
Apply ndsimonitor patch, edir88ptf_imon.tgz or newer available onhttps://support.novell.com/filefinder
Patch contains a new version of ndsimonitor for all supported platforms due to changes in common code, but vulnerability has only been detected on Windows.
Patch contains a new version of ndsimonitor for all supported platforms due to changes in common code, but vulnerability has only been detected on Windows.
Status
Security AlertAdditional Information
ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-016.html
The vulnerability was reported by CIRT.DK through TippingPoint and the Zero Day Initiative.
Vulnerability expansion research reported by David Gloede, Michael Ligh, Ryan Smith and Amanda Wright.
http://www.zerodayinitiative.com/advisories/ZDI-06-016.html
The vulnerability was reported by CIRT.DK through TippingPoint and the Zero Day Initiative.
Vulnerability expansion research reported by David Gloede, Michael Ligh, Ryan Smith and Amanda Wright.