Buffer Overflow Vulnerability in iMonitor 2.4 for eDirectory 8.8

  • 3006549
  • 23-Jun-2006
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for Windows 2003
Novell eDirectory 8.8 for Windows 2000

Situation

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory 8.8.  On Windows, it can also cause the dhost.exe process named "NDS Service" to crash.

Resolution

Apply the ndsimonitor patch, edir88ptf_imon.tgz or newer, available on https://support.novell.com/filefinder
The patch contains a new version of ndsimonitor for all supported platforms due to changes in common code, but the vulnerability has only been detected on Windows.

Status

Security Alert

Additional Information

ZDI-06-016:  Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-06-016.html

The vulnerability was reported by CIRT.DK through TippingPoint and the Zero Day Initiative.

Vulnerability expansion research reported by David Gloede, Michael Ligh, Ryan Smith and Amanda Wright.