Novell eDirectory Multiple Vulnerabilities
Number: AV10-016
Date: 7 June 2010
Purpose
The purpose of this advisory is to bring attention to vulnerabilities in Novell eDirectory.
Assessment
The following vulnerabilities have been reported in Novell eDirectory, which can be exploited to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
- An unspecified error in NDSD when processing malformed verbs can be exploited to cause a crash.
- A boundary error in dhost.exe can be exploited to cause a buffer overflow via a specially crafted GET request.
- An unspecified error can be exploited to cause Dhost to crash, e.g. by running a certain security scan against the server.
Affected software:
The vulnerabilities are reported in versions prior to 8.8 SP5 Patch 4.
References
These vulnerabilities have been assigned the CVE identifier CVE-2009-4653.
Novell:
http://www.novell.com/support/viewContent.do?externalId=3426981
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076151.html
Suggested action
CCIRC recommends that departments liaise with the administrators/maintainers of the network service to identify affected products and assess the need to apply the appropriate updates and/or workarounds.
Upgrading to version 8.8 SP5 Patch 4 resolves the issue:
http://download.novell.com/Download?buildid=dJUBKQVvUxA~
Note to Readers
The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.
For general information, please contact Public Safety Canada's Public Affairs division at:
Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca