Novell is now a part of Micro Focus

My Favorites


Please to see your favorites.

Security Vulnerability: NCP Fragment Denial of Service

This document (3924657) is provided subject to the disclaimer at the end of this document.


Novell eDirectory 8.8.1 for Linux/Solaris/AIX
Novell eDirectory 8.8 for Linux/Solaris/HPUX/AIX
Novell eDirectory and prior for Linux/Solaris/HPUX/AIX


A vulernability exists in ncp that ships with eDirectory 8.8, eDirectory 8.8.1, eDirectory and prior versions that could allow an attacker to crash the eDirectory service resulting in a denial of service.  Exploitation of this vulernability could also cause the eDirectory log to grow consuming disk space.


This vulnerability is resolved by applying eDirectory 8.8.1 ftf2 or newer code for eDirectory 8.8.X

This vulnerability is resolved by applying eDirectory 8.7.3 sp9 or newer code for eDirectory 8.7.3.X

Code is available at


Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by iDefense

iDefense #IDEF1720


This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3924657
  • Creation Date:18-MAY-07
  • Modified Date:27-JAN-14
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback