Security Vulnerability: Integer overflow stack corruption

  • 3694858
  • 10-Mar-2008
  • 26-Apr-2012

Environment

Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms

Situation

The specific flaw exists within the ds module loaded by dhost, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a
complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.

Resolution

To resolve this issue in eDirectory 8.8.2:

Apply eDir 8.8.2 ftf2 or later

To resolve this issue in eDirectory 8.7.3:

Apply eDir 8.7.3 SP10b or later


Status

Security Alert

Additional Information

The vulnerability was reported by Sebastian Apelt through TippingPoint and the Zero Day Initiative.

http://www.zerodayinitiative.com/advisories/ZDI-CAN-276.html

ZDI-CAN-276: Integer overflow stack corruption