Security Vulnerability: eDirectory NMAS BerDecodeLoginDataRequest DoS

  • 3226177
  • 30-Oct-2006
  • 27-Jan-2014

Environment


Novell Modular Authentication Service (NMAS) version 3.1.1 and prior
Novell eDirectory 8.7.3
Novell eDirectory 8.8

Situation

Remote exploitation of a denial of service (DoS) vulnerability in eDirectory product could allow an attacker to force the running daemon to cease servicing requests.

Resolution

This vulnerability is fixed in NMAS 3.1.2 or later.

NMAS 3.1.2 is part of Security Services 2.0.3 which is available at the following location:

Go to https://dl.netiq.com to download the latest Security Services Pack.

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported by iDefense www.idefense.com.

iDefense #IDEF1735
CVE-2006-4521