Vulnerability remedied in Novell eDirectory
Novell has released a security update for its eDirectory server to remedy a heap overflow. Attackers can remotely exploit the flaw to crash or penetrate a server. The vendor says that the vulnerability can be exploited with a specially crafted NDS Service Request.
Novell eDirectory 220.127.116.11 ftf1 (all supported platfoms) and previous versions are affected along with Novell eDirectory 8.8.5 ftf1 (all supported platfoms) and previous versions. The eDirectory 18.104.22.168 ftf2 and eDirectory 22.214.171.124 patches solve the problem.
- Novell eDirectory Heap-based Buffer Overflow, a report from Novell
- Novell eDirectory Remote Code Execution, a report from ISS X-Force