Novell eDirectory < 8.8.2 FTF2 / 8.7.3 SP10b Multiple Remote Overflows

critical Nessus Plugin ID 33397


The remote directory service is affected by multiple buffer overflows.


The remote host is running eDirectory, directory service software from Novell.

The installed version of eDirectory is affected by an integer overflow issue in ds.dlm / dhost.exe (bound by default to TCP port 524) as well as a heap-based buffer overflow that can be triggered by passing NULL search parameters to the LDAP service. An unauthenticated attacker may be able to leverage either issue to execute code on the remote host with SYSTEM privileges.


Upgrade to eDirectory 8.8.2 FTF2 / 8.7.3 SP10b or later.

Plugin Details

Severity: Critical

ID: 33397

File Name: edirectory_ds_integer_overflow.nasl

Version: 1.20

Type: remote

Published: 7/7/2008

Updated: 11/15/2018

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:2.3:a:novell:edirectory:*:*:*:*:*:*:*:*

Required KB Items: Services/ldap

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-3159, CVE-2008-1809

BID: 30085, 30175

CWE: 119, 189