Novell Home

My Favorites

Close

Please to see your favorites.

Security Vulnerability: NCP Fragment Denial of Service

This document (3924657) is provided subject to the disclaimer at the end of this document.

Environment


Novell eDirectory 8.8.1 for Linux/Solaris/AIX
Novell eDirectory 8.8 for Linux/Solaris/HPUX/AIX
Novell eDirectory 8.7.3.8 and prior for Linux/Solaris/HPUX/AIX

Situation

A vulernability exists in ncp that ships with eDirectory 8.8, eDirectory 8.8.1, eDirectory 8.7.3.8 and prior versions that could allow an attacker to crash the eDirectory service resulting in a denial of service.  Exploitation of this vulernability could also cause the eDirectory log to grow consuming disk space.

Resolution

This vulnerability is resolved by applying eDirectory 8.8.1 ftf2 or newer code for eDirectory 8.8.X

This vulnerability is resolved by applying eDirectory 8.7.3 sp9 or newer code for eDirectory 8.7.3.X

Code is available at http://dl.netiq.com


Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by iDefense https://www.idefense.com

iDefense #IDEF1720
CVE‑2006‑4520

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:3924657
  • Creation Date:18-MAY-07
  • Modified Date:27-JAN-14
    • NetIQeDirectory

Did this document solve your problem? Provide Feedback