The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS
------------------------------------------------------------------------
SUMMARY
Novell <http://www.novell.com/products/edirectory/> eDirectory is a
cross-platform lightweight directory access protocol (LDAP) server.
Additionally, eDirectory implements NMAS which stands for Novell Modular
Authentication System.
Remote exploitation of a denial of service (DoS) vulnerability in Novell
Inc.'s eDirectory product could allow an attacker to force the running
daemon to cease servicing requests.
DETAILS
Vulnerable Systems:
* Novell's eDirectory versions 8.8 and 8.8.1
The problem specifically exists due to a pointer handling mistake within
the BerDecodeLoginDataRequest function within the libnmasldap.so module.
When a specially crafted login request is encountered, this function loops
based on a length value supplied in the request. In this loop, a nested
pointer value is incremented at the wrong level. This results in a buffer
length parameter that is on the stack being used as a memory address for
ber_get_int(). This value does not appear to be influenced in any way by
attacker supplied input. Invalid memory access will lead to a segmentation
violation, crashing the process.
Successful exploitation of this vulnerability could allow an attacker to
crash the server process. No credentials are required.
Vendor Status:
Novell has addressed this issue in version 2.0.3 of Security Services. To
obtain the updated version please refer to the following quoted vendor
response:
"Search for "Security Services" at the <http://download.novell.com>
Novell Downloads Web site and download the necessary platform-specific
download for the Security Services 2.0.3 patch.
* For NetWare - select ss203_NW.tgz
* For Linux, Solaris, HP-UX, and AIX - select ss203_SLAH.tgz
* For Windows - select ss_setup.exe"
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4521>
CVE-2006-4521
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
