PT-2008-6192 · Microsoft+1 · Windows+2

Published: 2008-11-12 · Updated: 2024-02-02 · CVE-2008-5038

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Novell eDirectory versions 8.7.3 SP10 through 8.7.3 SP10 before FTF1
Novell eDirectory version 8.8 SP2 for Windows

Description

The issue is related to a use-after-free vulnerability in the NetWare Core Protocol (NCP) feature. This vulnerability can be exploited by remote attackers through a sequence of "Get NCP Extension Information By Name" requests. The exploitation causes one thread to operate on memory after it has been freed in another thread, leading to memory corruption. This can result in a denial of service and potentially allow the execution of arbitrary code.

Recommendations

For Novell eDirectory versions 8.7.3 SP10 through 8.7.3 SP10 before FTF1, update to 8.7.3 SP10 FTF1 to resolve the issue.

For Novell eDirectory version 8.8 SP2 for Windows, no specific fix is mentioned, but as a temporary workaround, consider restricting access to the NCP feature until a patch is available.

Fix

Weakness Enumeration

Use After Free

Related Identifiers

CVE-2008-5038

Affected Products

NetWare Core Protocol
Novell eDirectory
Windows