Security Vulnerability: eDirectory Heap-based Buffer Overflow

  • 7004719
  • 21-Oct-2009
  • 27-Jan-2014


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms


An integer overflow exists in Novell eDirectory Server 8.8.X and 8.7.3 when parsing a malformed request that uses NDS Verb 0x1. The buffer overflow can result in a server crash or possible remote code execution.
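The bug class described above, as an added example that is not eDirectory code and does not reflect the NDS wire format: a 32-bit size computed from a request-supplied count wraps to a small value, and the checked form rejects it before anything is allocated. The record layout, `HDR_LEN`, `ENTRY_LEN` and all function names are hypothetical, and the input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN   8u   /* hypothetical: bytes reserved ahead of the entries */
#define ENTRY_LEN 16u  /* hypothetical: size of one request entry */

/* Unchecked 32-bit arithmetic: wraps modulo 2^32 for large counts. */
uint32_t unchecked_size(uint32_t count) {
    return HDR_LEN + count * ENTRY_LEN;
}

/* Checked form: 0 on success, -1 if the total would not fit in 32 bits. */
int checked_size(uint32_t count, uint32_t *out) {
    if (count > (UINT32_MAX - HDR_LEN) / ENTRY_LEN)
        return -1;
    *out = HDR_LEN + count * ENTRY_LEN;
    return 0;
}

/* Parse [count: 4 bytes big-endian][count entries]; NULL if malformed. */
uint8_t *parse_request(const uint8_t *req, size_t req_len, uint32_t *out_len) {
    uint32_t count, need, payload;
    uint8_t *buf;
    if (req_len < 4)
        return NULL;
    count = ((uint32_t)req[0] << 24) | ((uint32_t)req[1] << 16) |
            ((uint32_t)req[2] << 8) | (uint32_t)req[3];
    if (checked_size(count, &need) != 0)
        return NULL;                      /* size arithmetic would wrap */
    payload = need - HDR_LEN;
    if (payload > req_len - 4)
        return NULL;                      /* count claims more data than was sent */
    buf = calloc(1, need);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_LEN, req + 4, payload);
    *out_len = need;
    return buf;
}

int main(void) {
    uint32_t n = 0;
    /* Constructed input: count 0x10000000 makes the unchecked size wrap to 8. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(0x10000000u));
    printf("checked:   %s\n", checked_size(0x10000000u, &n) ? "rejected" : "ok");
    return 0;
}
```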


This problem is expected to be fixed in eDirectory 8.8.5 ftf2 and is fixed in eDirectory ftf2.

To resolve this vulnerability, apply eDirectory 8.8.5 ftf3 or newer for eDirectory 8.8.X and eDirectory ftf2 or newer for eDirectory 8.7.3.X. Patches are located at

Additional Information

This vulnerability was reported by Chris Valasek, IBM X-Force.