|
|
|
|
| |
Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437
|
| |
Vulnerable Systems:
* Novell's eDirectory versions 8.8 and 8.8.1
The problem specifically exists due to a pointer handling mistake within the BerDecodeLoginDataRequest function within the libnmasldap.so module. When a specially crafted login request is encountered, this function loops based on a length value supplied in the request. In this loop, a nested pointer value is incremented at the wrong level. This results in a buffer length parameter that is on the stack being used as a memory address for ber_get_int(). This value does not appear to be influenced in any way by attacker supplied input. Invalid memory access will lead to a segmentation violation, crashing the process.
Successful exploitation of this vulnerability could allow an attacker to crash the server process. No credentials are required.
Vendor Status:
Novell has addressed this issue in version 2.0.3 of Security Services. To obtain the updated version please refer to the following quoted vendor response:
"Search for "Security Services" at the Novell Downloads Web site and download the necessary platform-specific download for the Security Services 2.0.3 patch.
* For NetWare - select ss203_NW.tgz
* For Linux, Solaris, HP-UX, and AIX - select ss203_SLAH.tgz
* For Windows - select ss_setup.exe"
CVE Information:
CVE-2006-4521
|
|
|
|
|
