In association with heise online

26 March 2008, 09:20

Novell fixes bug in eDirectory

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability in Novell's eDirectory LDAP server can be exploited by attackers on the local network to inject malicious code or carry out denial of service attacks. In its security advisory, Novell states that an oversize LDAP Extended Request query can trigger a stack overflow resulting in the overwriting of a function pointer. This apparently crashes the ndsd service, causes its Windows counterpart dhost.exe to generate a high processor load and in both cases may allow execution of injected code.

The bug affects versions 8.8.1 and earlier and and earlier of the eDirectory server under Linux, Solaris, Windows 2000 and Server 2003. Registered users can download version 8.8.2 or later or version 8.7.3 with SP 10 or later, in which the bug is fixed.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit