Security Vulnerability: NCP Fragment Denial of Service

  • 3924657
  • 18-May-2007
  • 27-Jan-2014

Environment


Novell eDirectory 8.8.1 for Linux/Solaris/AIX
Novell eDirectory 8.8 for Linux/Solaris/HPUX/AIX
Novell eDirectory 8.7.3.8 and prior for Linux/Solaris/HPUX/AIX

Situation

A vulernability exists in ncp that ships with eDirectory 8.8, eDirectory 8.8.1, eDirectory 8.7.3.8 and prior versions that could allow an attacker to crash the eDirectory service resulting in a denial of service.  Exploitation of this vulernability could also cause the eDirectory log to grow consuming disk space.

Resolution

This vulnerability is resolved by applying eDirectory 8.8.1 ftf2 or newer code for eDirectory 8.8.X

This vulnerability is resolved by applying eDirectory 8.7.3 sp9 or newer code for eDirectory 8.7.3.X

Code is available at https://dl.netiq.com


Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by iDefense https://www.idefense.com

iDefense #IDEF1720
CVE‑2006‑4520