Check Point Advisories

Update Protection against Novell eDirectory 'evtFilteredMonitorEventsRequest' Vulnerability

Check Point Reference: CPAI-2006-137
Date Published: 30 Nov 2006
Severity: Critical
Last Updated: Thursday 03 May, 2007
Source: FrSIRT/ADV-2006-4142
Industry Reference:CVE-2006-4510
Protection Provided by:
Who is Vulnerable? Novell eDirectory version 8.8.1 and prior
Vulnerability Description A remote code execution has been detected in the LDAP service of Novell eDirectory. Novell's eDirectory is a directory service software product for centrally managing access to resources on multiple servers and computers within a network. A remote attacker can exploit this vulnerability to execute arbitrary code on a target system.
Update/Patch AvaliableApply patches:

Novell eDirectory Post 8.8.1 FTF1 for NW and Win32 :
http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.exe/

Novell eDirectory Post 8.8.1 FTF1 for LinuxUnix :
http://support.novell.com/servlet/filedownload/sec/pub/edir881ftf_1.tgz/

Vulnerability DetailsThe flaw is due to an invalid free in the 'evtFilteredMonitorEventsRequest' function when processing crafted LDAP messages. An attacker can exploit this vulnerability by sending a specially crafted request to a target server. Successful exploitation could allow a remote attacker to crash the server or execute arbitrary code on an affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK