-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2009.1149
               Novell eDirectory Heap-based Buffer Overflow
                              2 December 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Novell eDirectory 8.7.3.10 ftf1 and prior
                      Novell eDirectory 8.8.5 ftf1 and prior
Operating System:     Windows
                      Netware
                      Linux variants
                      Solaris
                      AIX
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Denial of Service               -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2009-0895  
Member content until: Friday, January  1 2010

OVERVIEW

        A vulnerability has been identified in Novell eDirectory which could
        result in the execution of arbitrary code or a denial of service.


IMPACT

        The vendor has provided the following description of the 
        vulnerability:
        
        "Novell eDirectory permits unauthenticated users to query the server
        for information about specific objects.  The user can send a service
        request (NDS Verb 0x1) that has integer used in a memory allocation.
        A large integer can result in an integer wrap and a subsequent
        allocation returning an insufficient buffer, resulting in a
        heap-based buffer overflow.
        
        Successful exploitation would grant an attacker the same
        privileges eDirectory is using and/or cause a crash of the
        eDirectory service resulting in a denial of service." [1]


MITIGATION

        The vendor has provided a patch to correct this vulnerability which can
        be downloaded from the vendor's website. [1]


REFERENCES

        [1] Security Vulnerability: Novell eDirectory Heap-based Buffer
            Overflow
            http://www.novell.com/support/viewContent.do?externalId=7004912&sliceId=1

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFLFZ7VNVH5XJJInbgRApnQAKCBDs/qqKHqb+jEoURvQhFZL+xIGwCfSsgf
YwW71PGg2mSHxghuFiqTExY=
=GA//
-----END PGP SIGNATURE-----