Novell: >> Edirectory >> 8.8 Security Vulnerabilities
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.
CVSS Score
5.0
EPSS Score
0.033
Published
2006-11-04
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
CVSS Score
7.5
EPSS Score
0.096
Published
2006-10-24
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
CVSS Score
10.0
EPSS Score
0.371
Published
2006-10-24
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
CVSS Score
10.0
EPSS Score
0.379
Published
2006-10-24
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
CVSS Score
10.0
EPSS Score
0.249
Published
2006-05-20
Page 4