Security update for Novell eDirectory
Novell has released a security update which fixes multiple vulnerabilities in its eDirectory identity management platform. According to Novell's security advisory, in addition to multiple DoS vulnerabilities, these include a buffer overflow which could be exploited remotely to gain control over a server.
The buffer overflow is provoked by an integer overflow in the ds.dlm module. Sending a crafted packet to TCP port 524 is sufficient to provoke the overflow. Novell eDirectory 220.127.116.11 and 8.8 are affected. The bugs are fixed in versions 8.8.2 ftf2 and 8.7.3 SP10b.
- Integer overflow stack corruption, Novell bulletin.