Check Point Advisories

Update Protection against Novell eDirectory Denial of Service Vulnerability

Check Point Reference: CPAI-2007-022
Date Published: 22 Feb 2007
Severity: Medium
Last Updated: Monday 30 April, 2007
Source: Secunia Advisory: SA22506
Industry Reference:CVE-2006-4510
Protection Provided by:
Who is Vulnerable? Novell eDirectory 8.8.1 and prior
Novell eDirectory 8.7.3.8 and prior
Vulnerability Description Novell eDirectory server is vulnerable to a denial of service (DoS) condition. Novell eDirectory is a set of services based on the Lightweight Directory Access Protocol (LDAP). The vulnerability can be exploited by remote attackers to crash the service or execute code via a specially crafted LDAP request to an affected LDAP server.
Vulnerability DetailsThe vulnerability is due to an invalid free in the 'evtFilteredMonitorEventsRequest' function in the service in Novell eDirectory that fails to properly process overly long LDAP requests. Remote attackers can exploit this issue by sending specially crafted LDAP requests to a vulnerable server and causing it to crash. Successful exploitation may allow execution of arbitrary code on the vulnerable system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK