PT-2009-3486 · Novell · Novell Edirectory

Published

2009-12-03

Updated

2017-08-17

CVE-2009-0895

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Novell eDirectory versions 8.7.3.x through 8.7.3.10 ftf1 and versions 8.8.x through 8.8.5.1

Description The issue is caused by an integer overflow that allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value, triggering a heap-based buffer overflow.

Recommendations For Novell eDirectory versions 8.7.3.x through 8.7.3.10 ftf1, update to version 8.7.3.10 ftf2 or later. For Novell eDirectory versions 8.8.x through 8.8.5.1, update to version 8.8.5.2 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

CVE-2009-0895

Affected Products

Novell Edirectory

PT-2009-3486 · Novell · Novell Edirectory

CVE-2009-0895

Weakness Enumeration

Related Identifiers

Affected Products

References · 9