Vulnerability remedied in Novell eDirectory
Novell has released a security update for its eDirectory server to remedy a heap overflow. Attackers can remotely exploit the flaw to crash or penetrate a server. The vendor says that the vulnerability can be exploited with a specially crafted NDS Service Request.
Novell eDirectory 188.8.131.52 ftf1 (all supported platfoms) and previous versions are affected along with Novell eDirectory 8.8.5 ftf1 (all supported platfoms) and previous versions. The eDirectory 184.108.40.206 ftf2 and eDirectory 220.127.116.11 patches solve the problem.
- Novell eDirectory Heap-based Buffer Overflow, a report from Novell
- Novell eDirectory Remote Code Execution, a report from ISS X-Force