Denial of Service in Novell eDirectory Due to Wildcard LDAP Requests
CVE-2009-2456

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 14 July 2009

Summary

The DS/NDSD component in Novell eDirectory 8.8 prior to Service Pack 5 is susceptible to a denial of service condition, which can be triggered by remote attackers. By crafting an LDAP request containing multiple dot (.) wildcard characters within the Relative Distinguished Name (RDN), an attacker can induce a core dump of the ndsd process, disrupting availability and leading to system instability.

References

http://secunia.com/advisories/34160

third-party-advisoryx_refsource_SECUNIA

http://www.novell.com/support/viewContent.do?externalId=3...

x_refsource_CONFIRM

http://osvdb.org/55848

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jul 14, 2009
Vulnerability Reserved
Jul 14, 2009