Secunia

Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) Two calculation errors exist in the processing of replica verbs (Opcode 0x23 and 0x24) within dhost.exe, which can be exploited to cause heap-based buffer overflows.

2) An integer overflow error exists in the processing of the DSV_READ verb (Opcode 0x0F) within dhost.exe, which can be exploited to cause a heap-based buffer overflow.

3) An integer overflow error exists in the processing of HTTP Content-Length headers, which can be exploited to cause a heap-based buffer overflow.

4) A boundary error exists in the processing of HTTP Accept-Language headers, which can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in version 8.7.3 SP10.

Solution
Apply 8.7.3 SP10 FTF1.

Provided and/or discovered by
The vendor credits:
1, 2) Sebastian Apelt, reported via ZDI.
3, 4) An anonymous researcher, reported via ZDI.

Changelog
Further details available in Customer Area

Original Advisory
Novell:
http://www.novell.com/support/viewContent.do?externalId=3477912
http://www.novell.com/support/viewContent.do?externalId=7001183
http://www.novell.com/support/viewContent.do?externalId=7001184
http://www.novell.com/support/viewContent.do?externalId=7000087
http://www.novell.com/support/viewContent.do?externalId=7000086

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-063/
http://www.zerodayinitiative.com/advisories/ZDI-08-064/
http://www.zerodayinitiative.com/advisories/ZDI-08-065/
http://www.zerodayinitiative.com/advisories/ZDI-08-066/

Deep Links
Links available in Customer Area