iDefense Security Advisory 10.30.08 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability exists due to an area of heap memory being used after it has already been freed. By sending malformed data it is possible to cause an area of heap memory to be freed by one thread, and then reused after another thread allocates the same area of memory. This results in the original thread operating on the data changed by the second thread, which may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in eDirectory version 8.8 SP2 for Windows. The Linux version does not appear to be affected. Previous versions may also be affected.
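The cross-thread lifetime error described above can be closed by giving every thread its own counted reference, so that an error path taken on malformed data cannot free memory another thread still uses. The C code below is an added example of that mitigation pattern, not code from Novell or iDefense; the `request` type, its fields and all function names are hypothetical, and the payload string is constructed.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-request object shared by a parser thread and a worker thread. */
typedef struct request {
    atomic_int refs;     /* number of holders that may still touch the object */
    int *freed_flag;     /* set when the memory is really released (for observation) */
    char payload[64];
} request;

/* Create the object with one reference owned by the caller. */
request *request_new(const char *data, int *freed_flag) {
    request *r = calloc(1, sizeof *r);
    if (!r) return NULL;
    atomic_init(&r->refs, 1);
    r->freed_flag = freed_flag;
    strncpy(r->payload, data, sizeof r->payload - 1);  /* calloc keeps the NUL */
    return r;
}

/* A second holder takes its own reference before using the object. */
request *request_get(request *r) { atomic_fetch_add(&r->refs, 1); return r; }

/* Drop one reference; only the last holder frees. Returns 1 if memory was freed. */
int request_put(request *r) {
    if (atomic_fetch_sub(&r->refs, 1) != 1) return 0;  /* others still hold it */
    if (r->freed_flag) *r->freed_flag = 1;
    free(r);
    return 1;
}

/* Error path for malformed input: releases only the parser's own reference
   instead of calling free() directly, which is what creates the stale pointer. */
int parser_reject_malformed(request *r) { return request_put(r); }

/* Replays the sequence from the advisory under the counted-reference rule. */
int demo(void) {
    int freed = 0;
    request *r = request_new("constructed sample", &freed);
    if (!r) return -1;
    request *worker_view = request_get(r);  /* worker takes its reference */
    parser_reject_malformed(r);             /* parser bails out on bad data */
    int alive_while_in_use = (freed == 0) && worker_view->payload[0] == 'c';
    request_put(worker_view);               /* worker finishes: last reference */
    return alive_while_in_use && freed == 1;
}
```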