Security Vulnerability: eDirectory RelativeToFullDN Parsing Remote Code Execution Vulnerability

  • 7009947
  • 03-Jan-2012
  • 27-Jan-2014


Novell eDirectory and earlier for All Platforms


When receiving an LDAP packet containing the Nds To Ldap Response class, the application will copy data read from the packet into a statically sized buffer allocated on the stack in the prologue of the function.

Because the function does not check the lengths of the strings before copying them into their destination, the copy overflows the stack buffer, which can be leveraged to achieve control over the processor's program counter.
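The length check whose absence is described above, shown as an added example (not Novell's code and not part of the advisory): a string field from a BER-encoded LDAP message is validated against both the remaining packet and the fixed stack buffer before it is copied. The function names, the 256-byte buffer size and the assumption that the field is a BER OCTET STRING are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DN_BUF_SIZE 256 /* assumed; the advisory does not state the real size */

/* Decode a BER definite length; returns octets consumed, 0 if malformed. */
static size_t ber_read_len(const uint8_t *p, size_t avail, size_t *out) {
    if (avail == 0) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }      /* short form */
    size_t n = p[0] & 0x7f, len = 0;                 /* long form: n length octets */
    if (n == 0 || n > sizeof(size_t) || n >= avail) return 0;
    for (size_t i = 1; i <= n; i++) len = (len << 8) | p[i];
    *out = len;
    return 1 + n;
}

/* Copy one OCTET STRING (tag 0x04) into dst as a C string; 0 on success, -1 on reject. */
int copy_dn_checked(const uint8_t *pkt, size_t pkt_len, char *dst, size_t dst_size) {
    size_t len = 0, hdr;
    if (dst_size == 0 || pkt_len < 2 || pkt[0] != 0x04) return -1;
    if ((hdr = ber_read_len(pkt + 1, pkt_len - 1, &len)) == 0) return -1;
    if (len > pkt_len - 1 - hdr) return -1;  /* length field overruns the packet */
    if (len >= dst_size) return -1;          /* no room for value plus terminator */
    memcpy(dst, pkt + 1 + hdr, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed inputs (not captured traffic), parsed into a fixed stack buffer. */
int demo_valid(void) {
    static const uint8_t pkt[] = { 0x04, 0x08, 'c','n','=','a','d','m','i','n' };
    char dn[DN_BUF_SIZE];
    return copy_dn_checked(pkt, sizeof pkt, dn, sizeof dn) == 0
        && strcmp(dn, "cn=admin") == 0;
}

int demo_oversized(void) {  /* 300-byte value, long-form length 0x82 0x01 0x2c */
    uint8_t pkt[4 + 300] = { 0x04, 0x82, 0x01, 0x2c };
    char dn[DN_BUF_SIZE];
    memset(pkt + 4, 'A', 300);
    return copy_dn_checked(pkt, sizeof pkt, dn, sizeof dn);
}

int demo_truncated(void) {  /* length octet claims 32 bytes, packet carries 2 */
    static const uint8_t pkt[] = { 0x04, 0x20, 'c', 'n' };
    char dn[DN_BUF_SIZE];
    return copy_dn_checked(pkt, sizeof pkt, dn, sizeof dn);
}
```

Rejecting the value outright, rather than truncating it to fit, keeps a partial name from being processed as if it were the one the client sent.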


This vulnerability is resolved by applying eDirectory or newer available on


Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by TippingPoint and the Zero Day Initiative as ZDI-CAN-1409.