Denial of Service Vulnerability in Novell eDirectory Products
CVE-2009-3862

Currently unrated

Key Information:

Vendor: Novell
Status: Edirectory
Vendor: CVE Published:; 4 November 2009

Summary

The NDSD process in Novell eDirectory versions 8.7.3 prior to 8.7.3.10 ftf2 and 8.8 prior to 8.8.5 ftf1 is vulnerable due to improper handling of specific LDAP search requests. Attackers can exploit this weakness by sending a search request containing a NULL BaseDN value, which can lead to an application hang and denial of service. This vulnerability poses a significant threat to service availability and stability.

References

http://www.novell.com/support/viewContent.do?externalId=7...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2009/3120

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/36902

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Nov 4, 2009
Vulnerability Reserved
Nov 4, 2009