Security update for Novell eDirectory
Novell has released a security update which fixes multiple vulnerabilities in its eDirectory identity management platform. According to Novell's security advisory, in addition to multiple DoS vulnerabilities, these include a buffer overflow which could be exploited remotely to gain control over a server.
The buffer overflow is caused by an integer overflow in the ds.dlm module, and sending a crafted packet to TCP port 524 is sufficient to trigger it. Novell eDirectory 8.7.3.10 and 8.8 are affected. The bugs are fixed in versions 8.8.2 ftf2 and 8.7.3 SP10b.
See also:
- Integer overflow stack corruption, Novell bulletin.
(trk)