Novell patches eDirectory buffer overflow vulnerability

Novell has addressed a flaw in the iMonitor component of its eDirectory LDAP directory service that could be exploited to cause a denial of service.

Waltham, Mass.-based Novell Inc. has issued a bulletin to remedy a moderately critical security vulnerability in eDirectory. Unless fixed, the unspecified vulnerability could be exploited by a local user to cause a denial of service and possibly gain unauthorized access to the target system.

Novell eDirectory is an LDAP directory service, used for identity-management deployments and multiplatform network services. The current flaw occurs in eDirectory's iMonitor component, which provides Web-based cross-platform monitoring and diagnostic capabilities.

The issue stems from a buffer overflow that can be forced in an unspecified part of iMonitor processing, which could cause a denial of service. Because eDirectory is an LDAP directory service, a denial-of-service attack could cause more widespread security issues, including the possibility of unauthorized system access.

Version 2.4 of iMonitor, which ships with eDirectory version 8.8, is known to be vulnerable. Novell has provided a patch for this vulnerability on Windows, UNIX, and NetWare systems.

It is unclear whether the current vulnerability may be related to a security flaw in iMonitor previously reported by Danish vulnerability clearinghouse Secunia. In August 2005, another buffer overflow problem in iMonitor allowed execution of arbitrary code with system privileges. Again, unauthorized system access was a possible secondary effect of the vulnerability. Also in 2005, Novell reported unrelated eDirectory vulnerabilities with remote denial of service and the possibility of bypassing passwords.

Edmund X. DeJesus is a freelance writer in Norwood, Mass.
