| Short Name | APP:NOVELL:NDS-IO |
|---|---|
| Severity | Major |
| Recommended | No |
| Recommended Action | Drop |
| Category | APP |
| Keywords | Novell eDirectory NDS Verb 0x01 Integer Overflow |
| Release Date | 2010/10/13 |
| Update Number | 1791 |
| Supported Platforms | idp-4.0+, isg-3.4+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

An integer overflow has been reported in Novell eDirectory. The flaw is caused by errors in processing maliciously crafted service requests (NDS Verb 0x1) that carry an overly large integer value, which is then used in a memory allocation. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious request to a target host. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged-on user. An unsuccessful exploit attempt may terminate the affected application abnormally, causing a denial-of-service condition.

Novell eDirectory is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. The issue affects the following versions: eDirectory 8.7.3.10 ftf1 and prior; eDirectory 8.8.5 ftf1 and prior.