Security Vulnerability: Integer overflow stack corruption

  • 3694858
  • 10-Mar-2008
  • 26-Apr-2012


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms


The specific flaw exists within the ds module loaded by dhost, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a
complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.


To resolve this issue in eDirectory 8.8.2:

Apply eDir 8.8.2 ftf2 or later

To resolve this issue in eDirectory 8.7.3:

Apply eDir 8.7.3 SP10b or later


Security Alert

Additional Information

The vulnerability was reported by Sebastian Apelt through TippingPoint and the Zero Day Initiative.

ZDI-CAN-276: Integer overflow stack corruption