Credit:
The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518
Vulnerable Systems:
* Novell Inc.'s eDirectory server version 8.8.1 with FTF1 applied
The problem specifically exists within the NCP functionality of eDirectory. Sending a sequence of specially crafted fragmented requests will cause a DoS condition.
If the input is crafted properly, eDirectory will report to its error log that a fragment has been received with an invalid length. The error message includes the contents of the fragments in hexadecimal notation. However, if the length is negative, eDirectory will try to dump data to the log indefinitely. This results in a large amount of data being saved to the log. Once the end of the heap segment is reached, a memory access violation will occur and the server process will crash.
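The failure mode described above, as an added illustration in C (not eDirectory's code and not taken from the advisory): an error path that sizes its hex dump from the claimed fragment length, beside one that sizes it from the bytes actually received. The root cause shown (a signed length converted to an unsigned count), the function names and the `MAX_FRAGMENT` and `LOG_DUMP_CAP` limits are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_FRAGMENT 1024 /* assumed protocol limit */
#define LOG_DUMP_CAP 64   /* assumed cap on bytes hex-dumped per log entry */

/* A claimed length is valid only if it is non-negative, within the
 * protocol limit, and no larger than the bytes actually received. */
static int length_ok(int32_t claimed, size_t received)
{
    return claimed >= 0 && claimed <= MAX_FRAGMENT && (size_t)claimed <= received;
}

/* Flawed error path: sizes the hex dump from the claimed length.
 * Converting a negative int32_t to size_t yields a huge count, so a dump
 * loop driven by it would run far past the end of the buffer. */
size_t dump_count_flawed(int32_t claimed, size_t received)
{
    if (length_ok(claimed, received))
        return 0;               /* valid fragment: nothing to log */
    return (size_t)claimed;     /* -1 becomes SIZE_MAX */
}

/* Hardened error path: the dump is sized only from what was received,
 * then capped, so the claimed length never drives the loop. */
size_t dump_count_safe(int32_t claimed, size_t received)
{
    if (length_ok(claimed, received))
        return 0;
    return received < LOG_DUMP_CAP ? received : LOG_DUMP_CAP;
}

/* Writes a bounded hex dump of a rejected fragment into out and returns
 * the number of input bytes dumped. */
size_t log_invalid_fragment(const uint8_t *frag, size_t received,
                            int32_t claimed, char *out, size_t out_sz)
{
    size_t n = dump_count_safe(claimed, received), i;
    if (out_sz == 0)
        return 0;
    out[0] = '\0';
    for (i = 0; i < n && 2 * i + 3 <= out_sz; i++)
        snprintf(out + 2 * i, 3, "%02x", (unsigned)frag[i]);
    return i;
}
```

Capping the dump also bounds how much log data each rejected fragment can generate, which limits the disk-usage effect noted in the analysis.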
Analysis:
Successful exploitation of this vulnerability could allow an attacker to crash the server process. No credentials are required. Repeated attacks could allow the attacker to cause excessive disk space usage.
Vendor response:
Novell has addressed this problem in FTF2 for eDirectory 8.8.1. More information is available in Novell Document ID 3924657 at the following URL:
http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3924657&sliceId=SAL_Public
CVE Information:
CVE-2006-4520
Disclosure Timeline:
08/17/2006 - Initial vendor notification
08/18/2006 - Initial vendor response
10/21/2006 - Second vendor notification
10/23/2006 - Vendor response
12/06/2006 - Third vendor notification
12/18/2006 - Vendor response
03/21/2007 - Fourth vendor notification
04/25/2007 - Fifth vendor notification
04/25/2007 - Vendor advised that the fix was in FTF2
04/26/2007 - Coordinated public disclosure