Vulnerability remedied in Novell eDirectory
Novell has released a security update for its eDirectory server to remedy a heap overflow. Attackers can remotely exploit the flaw to crash or penetrate a server. The vendor says that the vulnerability can be exploited with a specially crafted NDS Service Request.
Novell eDirectory 184.108.40.206 ftf1 (all supported platfoms) and previous versions are affected along with Novell eDirectory 8.8.5 ftf1 (all supported platfoms) and previous versions. The eDirectory 220.127.116.11 ftf2 and eDirectory 18.104.22.168 patches solve the problem.
- Novell eDirectory Heap-based Buffer Overflow, a report from Novell
- Novell eDirectory Remote Code Execution, a report from ISS X-Force