Novell closes critical hole in eDirectory
Novell has fixed a buffer overflow problem that allows attackers to take control over the server process which is executed with super user privileges under Linux – the problem is remotely exploitable. The vulnerability was closed with the release of eDirectory 8.8 SP7 patch 2 6989 in December 2012 but the company has only publicised this information now.
David Klein reports on the Full Disclosure mailing list that the problem is apparently caused by a faulty implementation of the KeyedObjectLogin function. According to Klein, the bug is "trivially exploitable on Linux" due to the absence of a session cookie. As the software runs with root privileges, an attacker can gain full control of the eDirectory process.
eDirectory was formerly known as Novell Directory Services (NDS) and is an X.500 compatible directory service. The current version also supports the LDAPv3 protocol.