CVE-2009-0895
Novell eDirectory 8.7.3.x-8.7.3.9 and 8.8.x-8.8.5.1 - Remote Code Execution via NDS Verb 0x1 Request
Title source: llmDescription
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
References (8)
Core 8
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3379
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50616
Third Party Advisory third-party-advisory
x_refsource_iss
http://www.iss.net/threats/356.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37554
Patch, Vendor Advisory x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=7004912
Issue Tracking x_refsource_misc
https://bugzilla.novell.com/show_bug.cgi?id=524344
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37184
Issue Tracking x_refsource_misc
https://bugzilla.novell.com/show_bug.cgi?id=545887
Scores
EPSS
0.2842
EPSS Percentile
96.6%
Details
CWE
CWE-189
Status
published
Products (8)
novell/edirectory
8.7.3 (10 CPE variants)
novell/edirectory
8.7.3.8
novell/edirectory
8.7.3.9
novell/edirectory
8.7.3.10
novell/edirectory
8.8 (5 CPE variants)
novell/edirectory
8.8.1
novell/edirectory
8.8.2 (2 CPE variants)
novell/edirectory
8.8.5
Published
Dec 03, 2009
Tracked Since
Feb 18, 2026