Integer Overflow Vulnerability in Novell eDirectory by Novell
CVE-2009-0895

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 3 December 2009

What is CVE-2009-0895?

An integer overflow vulnerability exists in Novell eDirectory versions prior to 8.7.3.10 ftf2 and 8.8.5.2. This vulnerability allows remote attackers to execute arbitrary code through a specially crafted NDS Verb 0x1 request containing a significantly large integer value, leading to a heap-based buffer overflow. Attackers exploiting this flaw may gain control over affected systems, making it imperative for users to apply relevant patches and updates.

References

http://www.vupen.com/english/advisories/2009/3379

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/37184

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/50616

vdb-entryx_refsource_XF

EPSS Score

26% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 3, 2009
Vulnerability Reserved
Mar 14, 2009