Security Vulnerability - eDirectory Core Protocol Opcode 0x0F Heap Overflow

  • 7001184
  • 19-Aug-2008
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms

Situation

A flaw exists in the calculation of memory allocation based on user supplied input.  This flaw can result in a heap overflow which could cause a ds crash and/or arbitrary code execution.

Resolution

To resolve this issue:

In eDirectory 8.8.X:
Apply eDirectory 8.8.3

In eDirectory 8.7.3.X
Fix is targetted for eDirectory 8.7.3.10 ftf1

Status

Reported to Engineering
Security Alert

Additional Information

ZDI-08-065

http://www.zerodayinitiative.com/advisories/zdi-08-065.html

This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org) and reported by Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.

CVE-2008-4478