8.8.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

novell

NVD

Published: 2006-11-04

Updated: 2017-07-20

Summary

The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.

Vulnerable Configurations

Part	Description	Count
Application	Novell Novell Edirectory 8.8 Novell Edirectory 8.8.1	2

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437
http://secunia.com/advisories/22660
http://securitytracker.com/id?1017140
http://www.securityfocus.com/bid/20842
http://www.vupen.com/english/advisories/2006/4293
https://exchange.xforce.ibmcloud.com/vulnerabilities/29963