Security Vulnerability - eDirectory Core Protocol Opcode 0x24 Heap Overflow

  • 7001183
  • 19-Aug-2008
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for All Platforms
Novell eDirectory 8.7.3 for All Platforms

Situation

A flaw in the calculation of a heap allocation size can result in under-allocation of heap memory based on user-supplied input.

This flaw can cause a heap overflow, which can result in a ds crash and/or arbitrary code execution.
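The class of defect described above, shown as an added example that is not eDirectory code: a size calculation driven by request fields, first unchecked and then with the bounds checks that prevent under-allocation. The advisory does not say how the calculation goes wrong; integer wraparound is assumed here, and all names, field layouts and limits (HDR_LEN, MAX_ALLOC, count, elem_len) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 16u        /* hypothetical fixed header size */
#define MAX_ALLOC 65536u   /* hypothetical upper bound for one request */

/* Unchecked form: 32-bit arithmetic wraps, so a huge count yields a tiny size. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_len) {
    return HDR_LEN + count * elem_len;
}

/* Checked form: 0 and *out on success, -1 if the sum would wrap or exceed the cap. */
int alloc_size_checked(uint32_t count, uint32_t elem_len, uint32_t *out) {
    if (elem_len != 0 && count > (MAX_ALLOC - HDR_LEN) / elem_len)
        return -1;
    *out = HDR_LEN + count * elem_len;
    return 0;
}

/* Allocate and fill a buffer only when the claimed sizes match the bytes received. */
uint8_t *copy_records(const uint8_t *payload, size_t payload_len,
                      uint32_t count, uint32_t elem_len, uint32_t *out_len) {
    uint32_t total;
    if (alloc_size_checked(count, elem_len, &total) != 0)
        return NULL;                       /* size calculation rejected */
    if ((size_t)(total - HDR_LEN) != payload_len)
        return NULL;                       /* header fields disagree with the data */
    uint8_t *buf = calloc(1, total);
    if (buf == NULL)
        return NULL;
    memcpy(buf + HDR_LEN, payload, payload_len);
    *out_len = total;
    return buf;
}

int main(void) {
    uint32_t n = 0;
    /* Constructed input: 0x40000000 * 4 wraps to 0, leaving only the header. */
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0x40000000u, 4));
    printf("checked result: %d\n", alloc_size_checked(0x40000000u, 4, &n));
    return 0;
}
```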

Resolution

To resolve this issue:

8.8.X
Apply eDirectory 8.8.3

8.7.3.X
Fix is currently targeted for 8.7.3.10 ftf1

Status

Reported to Engineering
Security Alert

Additional Information

ZDI-08-066: eDirectory Core Protocol Opcode 0x24 Heap Overflow

http://www.zerodayinitiative.com/advisories/ZDI-08-066.html

This vulnerability was discovered by Sebastian Apelt (webmaster@buzzworld.org) and reported through Zero Day Initiative (ZDI) established by TippingPoint, a division of 3Com.

CVE-2008-4480