26 March 2008, 09:20

Novell fixes bug in eDirectory

A vulnerability in Novell's eDirectory LDAP server can be exploited by attackers on the local network to inject malicious code or carry out denial of service attacks. In its security advisory, Novell states that an oversize LDAP Extended Request query can trigger a stack overflow resulting in the overwriting of a function pointer. This apparently crashes the ndsd service, causes its Windows counterpart dhost.exe to generate a high processor load and in both cases may allow execution of injected code.

The bug affects versions 8.8.1 and earlier and 8.7.3.9 and earlier of the eDirectory server under Linux, Solaris, Windows 2000 and Server 2003. Registered users can download version 8.8.2 or later or version 8.7.3 with SP 10 or later, in which the bug is fixed.

Channels

Services

Novell fixes bug in eDirectory

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit