Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Novell eDirectory Vulnerability

(Bugtraq ID: 37042)

A code execution vulnerability exists in Novell’s popular eDirectory.

Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server, intended for use as part of an identity management solution. According to IDC, eDirectory is the most widely used directory on the market, used in 80 percent of Fortune 1000 companies.

The vulnerability is due to lack of boundary validation when handling HTTP requests to the HTTPSTK form, especially the sadminpwd and verifypwd parameters. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable system. Successful exploitation would allow for execution of arbitrary code.

Check Point provides protection against exploits that use this vulnerability through IPS-1. IPS-1 detects and blocks HTTP post requests to the eDirectory dhost application with malformed parameters. See CPAI-2009-301.