CVE-2009-0895

Name of the Vulnerable Software and Affected Versions Novell eDirectory versions 8.7.3.x through 8.7.3.10 ftf1 and versions 8.8.x through 8.8.5.1

Description The issue is caused by an integer overflow that allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value, triggering a heap-based buffer overflow.

Recommendations For Novell eDirectory versions 8.7.3.x through 8.7.3.10 ftf1, update to version 8.7.3.10 ftf2 or later. For Novell eDirectory versions 8.8.x through 8.8.5.1, update to version 8.8.5.2 or later.