Info

Disclosure

Sep 30, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 30, 2010

Description

Novell eDirectory contains a flaw that may allow a remote denial of service. The issue is triggered when the NCP implementation handles a malformed request. It explicitly trusts a field while translating it to an index. If the index is too large, it will result in a loss of availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.

Products

Novell, Inc.

eDirectory

8.8.5 ftf3

References

Mail List Post: http://seclists.org/fulldisclosure/2010/Oct/6
Vendor Specific Advisory URL: http://www.novell.com/support/viewContent.do?externalId=7006389&sliceId=2
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-10-189

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/69874