Description
The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.novell.com/support/viewContent.do?externalId=7004721
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3120
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36902
Patch x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-09-075/
Scores
EPSS
0.0067
EPSS Percentile
71.5%
Details
CWE
CWE-287
Status
published
Products (6)
novell/edirectory
8.7.3 (9 CPE variants)
novell/edirectory
8.7.3.8
novell/edirectory
8.7.3.9
novell/edirectory
8.8 (5 CPE variants)
novell/edirectory
8.8.1
novell/edirectory
8.8.2
Published
Nov 04, 2009
Tracked Since
Feb 18, 2026