Vulnerability remedied in Novell eDirectory
Novell has released a security update for its eDirectory server to remedy a heap overflow. Attackers can remotely exploit the flaw to crash or penetrate a server. The vendor says that the vulnerability can be exploited with a specially crafted NDS Service Request.
Novell eDirectory 8.7.3.10 ftf1 (all supported platfoms) and previous versions are affected along with Novell eDirectory 8.8.5 ftf1 (all supported platfoms) and previous versions. The eDirectory 8.7.3.10 ftf2 and eDirectory 8.8.5.2 patches solve the problem.
See also:
- Novell eDirectory Heap-based Buffer Overflow, a report from Novell
- Novell eDirectory Remote Code Execution, a report from ISS X-Force
(trk)