Environment
Novell NetWare 6.5
Novell eDirectory 8.8 SP2
Novell International Cryptographic Infrastructure (NICI) versions prior to 2.7.2 on all platforms
Novell eDirectory 8.8 SP2
Novell International Cryptographic Infrastructure (NICI) versions prior to 2.7.2 on all platforms
Situation
A remote, unauthenticated attacker may be able to create a
denial-of-service condition.
Resolution
NICI version 2.7.2 incorporates the updated RSA BSAFE Crypto-C and
Cert-C libraries that contain the fix for this vulnerability.
NICI version 2.7.2 is available in Security Services Pack 2.0.4 or newer which can be downloaded from https://dl.netiq.com
NICI version 2.7.2 is available in Security Services Pack 2.0.4 or newer which can be downloaded from https://dl.netiq.com
Status
Security AlertAdditional Information
US-Cert VU#754281 http://www.kb.cert.org/vuls/id/754281
CVE-2006-3894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3894
References:
http://www.rsa.com/node.aspx?id=1204
http://secunia.com/advisories/25364
Thanks to Cisco Systems for reporting this vulnerability to Cert.org
CVE-2006-3894 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3894
References:
http://www.rsa.com/node.aspx?id=1204
http://secunia.com/advisories/25364
Thanks to Cisco Systems for reporting this vulnerability to Cert.org