
Preemptive Protection against Novell eDirectory Server iMonitor Vulnerability

Attack ID: CPAI-2005-116
Publish Date:
Last Update:
Category: Remote Code Execution
Vulnerable Systems: Novell eDirectory 8.7.3 for Windows 2000, Windows NT and Windows 2003
Source:

Novell TID10098568

Description:

Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) directory-based identity management system that centralizes the management of user identities, access privileges and many other network resources. A buffer overflow vulnerability exists in Novell eDirectory Server iMonitor. An unauthenticated remote attacker can exploit the vulnerability to cause denial of service, or execute arbitrary code on the target system.

Severity:
Details:

The vulnerability is caused by improper boundary checking when processing HTTP requests. A remote attacker can trigger the vulnerability by requesting a resource with an overly long name in the "nds/" folder.

Attack Detection:

Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra who have applied the solution outlined below will identify the attack by the following log produced by SmartView Tracker:

Attack Name: Malicious Code Protector
Information: reason: WSE0130001 malicious code detected in URL
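Sites that also keep web server or proxy logs can check for the condition described under Details independently of the gateway log. The following is an added example, not Check Point or Novell code: it scans HTTP request lines for resources under "nds/" whose name exceeds a cut-off. The 255-character cut-off, the function names and the sample request lines are assumptions, since the advisory states no length.

```python
import re
from urllib.parse import unquote

# Assumption: the advisory states no length; 255 is a placeholder cut-off to tune per site.
MAX_NAME_LEN = 255
REQUEST_LINE = re.compile(r"^[A-Z]+ (\S+) HTTP/\d\.\d$")

def nds_resource_name(target):
    """Return the decoded resource name requested under /nds/, or None."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    if not path.startswith("/") and "://" in path:
        # Absolute-form target (proxy logs): drop scheme and authority.
        path = "/" + path.split("://", 1)[1].partition("/")[2]
    # latin-1 maps each decoded byte to one character, so len() counts bytes.
    path = unquote(path, encoding="latin-1")
    # Conservative normalisation (assumption): collapse repeated slashes and
    # ignore case so altered spellings of the folder name still match.
    path = re.sub(r"/+", "/", path)
    if not path.lower().startswith("/nds/"):
        return None
    return path[len("/nds/"):]

def check_request(line, limit=MAX_NAME_LEN):
    """Classify one request line: (verdict, length of the name under /nds/)."""
    m = REQUEST_LINE.match(line.strip())
    if m is None:
        return ("unparsed", 0)
    name = nds_resource_name(m.group(1))
    if name is None:
        return ("ignore", 0)
    return ("alert" if len(name) > limit else "ok", len(name))

def scan(lines, limit=MAX_NAME_LEN):
    """Return (line_number, length) for every request that should be reviewed."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict, length = check_request(line, limit)
        if verdict == "alert":
            hits.append((n, length))
    return hits

# Constructed request lines for illustration; not taken from real traffic.
SAMPLE = [
    "GET /nds/example HTTP/1.1",
    "GET /nds/" + "A" * 600 + " HTTP/1.1",
    "GET /%6Eds/" + "%41" * 600 + " HTTP/1.0",
    "GET /index.html HTTP/1.1",
    "GET //NDS/" + "B" * 300 + "?x=1 HTTP/1.1",
]

if __name__ == "__main__":
    for n, length in scan(SAMPLE):
        print(f"line {n}: /nds/ resource name of {length} bytes exceeds {MAX_NAME_LEN}")
```

The percent-decoding step matters because an encoded spelling of the folder name would otherwise pass a plain prefix comparison.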

 

Solution:

Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra can protect against this vulnerability using the Malicious Code Protector (MCP).

For the Malicious Code Protector protection to work, you need to set the host you wish to protect to listen on TCP port 8080.

To define a Web Server running on port 8080/TCP: 

1. From the Network Objects tree in the SmartDashboard, right-click the Nodes icon.
2. From the Nodes menu, select New Node > Host.
3. Give the server a name and IP address; click Configure Servers and click the Web Server option; click OK.
4. Click the Web Server tab; check Server uses additional ports and enter port 8080; click OK.

To enable Malicious Code Protector (MCP) on the host you have defined above, refer to CPSA-2004-06.

Industry Reference:

CAN-2005-2551

 

Additional Information: