Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Situation
A flaw exists in the calculation of memory allocation based on user supplied input. This flaw can result in a heap overflow which could cause a ds crash and/or arbitrary code execution.
Resolution
To resolve this issue:
In eDirectory 8.8.X:
Apply eDirectory 8.8.3
In eDirectory 8.7.3.X
Fix is targetted for eDirectory 8.7.3.10 ftf1
In eDirectory 8.8.X:
Apply eDirectory 8.8.3
In eDirectory 8.7.3.X
Fix is targetted for eDirectory 8.7.3.10 ftf1
Status
Reported to EngineeringSecurity Alert
Additional Information
ZDI-08-065
http://www.zerodayinitiative.com/advisories/zdi-08-065.html
This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org) and reported by Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.
CVE-2008-4478
http://www.zerodayinitiative.com/advisories/zdi-08-065.html
This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org) and reported by Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.
CVE-2008-4478