Security Vulnerability: eDirectory NCP over IP length Heap Overflow

  • 3686202
  • 13-Mar-2007
  • 27-Jan-2014

Environment


Novell eDirectory 8.8.1 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3.8 and earlier for All Platforms

Situation

A heap overflow exists in the version of ncp that ships with eDirectory 8.8.1 and prior.

The vulnerability could allow an attacker to crash the service or execute arbitrary code.

Resolution

The issue is resolved by applying eDirectory 8.8.1 ftf or newer version for eDirectory 8.8.X

edir881ftf_1.exe for NetWare/Windows and edir881ftf_1.tgz for Linux/Solaris/AIX is available at https://dl.netiq.com

This issue is resolved by applying eDirectory 8.7.3 sp9 or newer version for eDirectory 8.7.3.X available at https://dl.netiq.com

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability was reported through iDefense

iDefense # IDEF1580
CVE‑2006‑4177