Novell eDirectory Integer Overflow Vulnerability

(CVE-2009-0895)
A code execution vulnerability exists in Novell’s popular eDirectory LDAP server. A remote attacker can exploit this issue by sending a specially crafted request to a target host. Successful exploitation could allow the attacker to execute arbitrary code on the affected service or crash the system.

Novell eDirectory is a Lightweight Directory Access Protocol (LDAP) server, intended for use as part of an identity management solution that centralizes the management of user identities, access privileges and other network resources. eDirectory is one of the most widely used directory servers on the market, used in 80 percent of Fortune 1000 companies. The directory server permits unauthenticated user queries of the server for information about specific objects. The vulnerability is due to errors in Novell eDirectory when processing maliciously crafted service requests (NDS Verb 0x1) with an overly large integer value that could be used in a memory allocation resulting in a heap-based buffer overflow.

Check Point provides immediate protection against exploits that use this vulnerability through its integrated and dedicated IPS offerings. Check Point SmartDefense, IPS Software Blade, and IPS-1 detect and block malformed Novell NDS packets sent to the eDirectory system. For more information, see CPAI-2010-014.