PT-2007-1171 · Novell · Novell Edirectory

Published

2007-04-30

Updated

2017-07-20

CVE-2006-4520

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Novell eDirectory versions prior to 8.7.3 SP9 Novell eDirectory versions 8.8.x prior to 8.8.1 FTF2

Description: The issue is related to the handling of NCP fragments with a negative length by ncp in Novell eDirectory. This improper handling allows remote attackers to cause a denial of service, resulting in a daemon crash when the heap is written to a log file.

Recommendations: For Novell eDirectory versions prior to 8.7.3 SP9, update to version 8.7.3 SP9 or later. For Novell eDirectory versions 8.8.x prior to 8.8.1 FTF2, update to version 8.8.1 FTF2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4520

Affected Products

Novell Edirectory

PT-2007-1171 · Novell · Novell Edirectory

CVE-2006-4520

Related Identifiers

Affected Products

References · 7