CVE-2009-3862 — MEDIUM (5.0)

Vulnerability Description

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Novell	Edirectory	8.7.3

Related Weaknesses (CWE)

CWE-287

References

http://www.novell.com/support/viewContent.do?externalId=7004721PatchVendor Advisory
http://www.securityfocus.com/bid/36902
http://www.vupen.com/english/advisories/2009/3120PatchVendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-075/Patch
http://www.novell.com/support/viewContent.do?externalId=7004721PatchVendor Advisory
http://www.securityfocus.com/bid/36902
http://www.vupen.com/english/advisories/2009/3120PatchVendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-075/Patch

FAQ

What is CVE-2009-3862?

CVE-2009-3862 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a de...

How severe is CVE-2009-3862?

CVE-2009-3862 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3862?

Check the references section above for vendor advisories and patch information. Affected products include: Novell Edirectory.