Environment
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Situation
There exists an integer overflow in Novell eDirectory Server 8.8.X and 8.7.3 when parsing a malformed request using the NDS Verb 0x1. The buffer overflow can result in a server crash or possible remote code execution.
Resolution
This problem is expected to be fixed in eDirectory 8.8.5 ftf2 and is fixed in eDirectory 8.7.3.10 ftf2.
To resolve this vulnerability, apply eDirectory 8.8.5 ftf3 or newer for eDirectory 8.8.X, and eDirectory 8.7.3.10 ftf2 or newer for eDirectory 8.7.3.X. Patches are located at https://dl.netiq.com
Additional Information
This vulnerability was reported by Chris Valasek, IBM X-Force
CVE-2009-0895