Novell fixes bug in eDirectory
A vulnerability in Novell's eDirectory LDAP server can be exploited by attackers on the local network to inject malicious code or carry out denial of service attacks. In its security advisory, Novell states that an oversize LDAP Extended Request query can trigger a stack overflow resulting in the overwriting of a function pointer. This apparently crashes the
ndsd service, causes its Windows counterpart
dhost.exe to generate a high processor load and in both cases may allow execution of injected code.
The bug affects versions 8.8.1 and earlier and 220.127.116.11 and earlier of the eDirectory server under Linux, Solaris, Windows 2000 and Server 2003. Registered users can download version 8.8.2 or later or version 8.7.3 with SP 10 or later, in which the bug is fixed.
- Security Vulnerability: Oversized DN Stack Overflow, security advisory from Novell
- Download the current version of the software from Novell (for registered users)