Environment
Novell eDirectory 8.8.6.4 and earlier for All Platforms
Situation
When receiving an LDAP packet containing the Nds To Ldap Response class, the application will copy
data read from the packet into a statically sized buffer allocated on the stack in the prologue of the function.
Due to the function not checking the lengths of the strings before copying them into their destination, this will cause a buffer overflow which can be leveraged to achieve control over the processor's program counter.
data read from the packet into a statically sized buffer allocated on the stack in the prologue of the function.
Due to the function not checking the lengths of the strings before copying them into their destination, this will cause a buffer overflow which can be leveraged to achieve control over the processor's program counter.
Resolution
This vulnerability is resolved by applying eDirectory 8.8.6.5 or newer available on https://dl.netiq.com
Status
Reported to EngineeringSecurity Alert
Additional Information
This vulnerability was reported by TippingPoint and the Zero Day Initiative as ZDI-CAN-1409