| Name | Novell.eDirectory.LDAP.Service.Invalid.Free.Code.Execution |
| Alias/es | Novell.EDirectory.LDAP.Service.Invalid.Free.Code.Execution |
| Release Date | Jan 07, 2010 |
| Severity | Critical |
| Impact | System Compromise: Remoate attackers can gain control of vulnerable systems. |
| Description | This indicates a possible attempt to exploit a memory-corruption vulnerability in Novell eDirectory.
The vulnerability is caused by an error in the "evtFilteredMonitorEventsRequest()" function when processing malformed client LDAP requests. A remote attacker may exploit this to execute arbitrary code. |
| Affected Products | Novell eDirectory 8.8.1
Novell eDirectory 8.8 |
| Recommended Actions | Apply the appropriate patch:
Novell eDirectory Post 8.8.1 FTF1 for NW & Win32:
http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.exe/
Novell eDirectory Post 8.8.1 FTF1 for Linux\Unix:
http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.tgz/ |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4510
|
| Reference/s | http://www.securityfocus.com/bid/20663 (BugTraq)
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=428
|