Zone-H.org - Unrestricted Information - Novell eDirectory Multiple Vulnerabilities

Novell eDirectory Multiple Vulnerabilities

Written by Staff

Monday, 06 October 2008

Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) Unspecified errors exist in the processing of replica verbs (Opcode 0x23 and 0x24), which can be exploited to cause heap-based buffer overflows.

2) An unspecified error exists in the processing of the DSV_READ verb (Opcode 0x0F), which can be exploited to cause a heap-based buffer overflow...

3) An unspecified error exists in the processing of HTTP Content-Length headers, which can be exploited to cause a crash.

4) An unspecified error exists in the processing of HTTP Accept-Language headers, which can be exploited to cause a crash.

The vulnerabilities are reported in version 8.7.3 SP10.

Solution:
Apply 8.7.3 SP10 FTF1.

Provided and/or discovered by:
The vendor credits ZDI.

Original Advisory:
http://www.novell.com/support/viewContent.do?externalId=3477912

Original Article:
http://secunia.com/advisories/32111/

Comments Index (Total Messages: 0)

Post Reply
Name:	Guest
Title:
Comment:
Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!

DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.

< Prev		Next >

[ Back ]