Environment
Novell eDirectory 8.8.4 and prior for All Platforms
Novell eDirectory 8.7.3.10b and prior for All Platforms
Situation
When an Accept-Language header containing an overly long string value is supplied in an HTTP request for the URL "/nds", the HTTP modules in eDirectory fail to bounds-check the Accept-Language header. This results in a buffer overflow.
Unauthenticated remote attackers could exploit this vulnerability by sending a maliciously crafted request to the HTTP or HTTPS ports of Novell eDirectory. The default ports are 8030/TCP for HTTPS and 8028/TCP for HTTP on eDirectory 8.8.x, while on eDirectory 8.7.x, the default ports are 8010/TCP for HTTPS and 8008/TCP for HTTP. As a result of processing the malicious packet, a buffer overflow can be triggered. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the System/root user. Successful exploitation can also crash eDirectory.
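The missing check described above, shown as an added example rather than eDirectory source code: a header copy routine that rejects an Accept-Language value too long for its destination buffer. The 64-byte buffer size, the function names and the sample request are assumptions made for illustration.

```c
/* Added example, not eDirectory source. LANG_BUF_SIZE is an assumed size. */
#include <ctype.h>
#include <string.h>
#define LANG_BUF_SIZE 64
#define HDR_NAME "accept-language:"
enum lang_status { LANG_OK, LANG_ABSENT, LANG_TOO_LONG };
/* HTTP header names are case-insensitive, so compare without regard to case. */
static int has_prefix_ci(const char *s, size_t s_len, const char *p, size_t p_len)
{
    if (s_len < p_len) return 0;
    for (size_t i = 0; i < p_len; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)p[i])) return 0;
    return 1;
}

/* Copy the header value into out[out_size]; an oversized value is rejected. */
enum lang_status copy_accept_language(const char *req, char *out, size_t out_size)
{
    const size_t name_len = sizeof(HDR_NAME) - 1;
    if (out_size == 0) return LANG_TOO_LONG;
    out[0] = '\0';
    for (const char *line = req; line != NULL && *line != '\0'; ) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                      /* blank line ends the headers */
        if (has_prefix_ci(line, len, HDR_NAME, name_len)) {
            const char *val = line + name_len;
            size_t val_len = len - name_len;
            while (val_len > 0 && (*val == ' ' || *val == '\t')) { val++; val_len--; }
            if (val_len >= out_size) return LANG_TOO_LONG;  /* the bounds check */
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return LANG_OK;
        }
        line = eol ? eol + 2 : NULL;
    }
    return LANG_ABSENT;
}

/* Constructed input: a request for /nds with a header value of value_len bytes. */
enum lang_status check_request(size_t value_len)
{
    char req[512] = "GET /nds HTTP/1.1\r\nAccept-Language: ", out[LANG_BUF_SIZE];
    if (value_len > 400) return LANG_TOO_LONG;    /* keep the sample inside req */
    size_t n = strlen(req);
    memset(req + n, 'a', value_len);
    memcpy(req + n + value_len, "\r\n\r\n", 5);
    return copy_accept_language(req, out, sizeof out);
}
```

The length is compared with `>=` so that one byte always remains for the terminating NUL; a value of exactly LANG_BUF_SIZE bytes is rejected.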
Resolution
This problem is resolved by applying the following patches:
For eDirectory 8.8.X:
eDirectory 8.8.3 FTF3 or newer (non-OES)
eDirectory 8.8.4 FTF1 or newer (OES2 SP1)
For eDirectory 8.7.3.X:
eDirectory 8.7.3.10 ftf2 or newer
These patches are located at https://dl.netiq.com
eDirectory 8.8.3 FTF3 for OES2 is available via the channel.
Status
Reported to Engineering
Security Alert
Additional Information
This vulnerability was reported by:
"Vulnerability Research Team, Assurent Secure Technologies, a TELUS Company"