Security Vulnerability: eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability

  • 7009947
  • 03-Jan-2012
  • 27-Jan-2014

Environment


Novell eDirectory 8.8.6.4 and earlier for All Platforms

Situation

When receiving an LDAP packet containing the Nds To Ldap Response class, the application will copy
data read from the packet into a statically sized buffer allocated on the stack in the prologue of the function.

Due to the function not checking the lengths of the strings before copying them into their destination, this will cause a buffer overflow which can be leveraged to achieve control over the processor's program counter.

Resolution

This vulnerability is resolved by applying eDirectory 8.8.6.5 or newer available on https://dl.netiq.com

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by TippingPoint and the Zero Day Initiative as ZDI-CAN-1409


Feedback service temporarily unavailable. For content questions or problems, please contact Support.