CVE-2009-3862

2009-11-04T18:30:00
ID CVE-2009-3862
Type cve
Reporter cve@mitre.org
Modified 2009-11-05T05:00:00

Description

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. Per: http://www.novell.com/support/viewContent.do?externalId=7004721

"Resolution

This vulnerability is resolved in eDirectory 8.8.5 ftf1 and eDirectory 8.7.3.10 ftf2.

To resolve this problem, apply eDirectory 8.8.5 ftf1 or newer for eDirectory 8.8.X and eDirectory 8.7.3.10 ftf2 for eDirectory 8.7.3.X. Patches are available at http://download.novell.com"