Vulnerability Description
Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Edirectory | 8.7.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37554Vendor Advisory
- http://www.iss.net/threats/356.html
- http://www.novell.com/support/viewContent.do?externalId=7004912PatchVendor Advisory
- http://www.securityfocus.com/bid/37184
- http://www.vupen.com/english/advisories/2009/3379PatchVendor Advisory
- https://bugzilla.novell.com/show_bug.cgi?id=524344
- https://bugzilla.novell.com/show_bug.cgi?id=545887
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50616
- http://secunia.com/advisories/37554Vendor Advisory
- http://www.iss.net/threats/356.html
- http://www.novell.com/support/viewContent.do?externalId=7004912PatchVendor Advisory
- http://www.securityfocus.com/bid/37184
- http://www.vupen.com/english/advisories/2009/3379PatchVendor Advisory
- https://bugzilla.novell.com/show_bug.cgi?id=524344
- https://bugzilla.novell.com/show_bug.cgi?id=545887
FAQ
What is CVE-2009-0895?
CVE-2009-0895 is a vulnerability with a CVSS score of 10.0 (HIGH). Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer val...
How severe is CVE-2009-0895?
CVE-2009-0895 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0895?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.