This is Your Open EnterpriseTM

Novell eDirectory 20080924


This document (5037180) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86
Security patch: YesView security alerts.
Priority: Mandatory
Distribution Type: Public


Revision: 1
Document ID: 5037180
Creation Date: 2008-10-23 13:50:03


Novell eDirectory
SuSE Linux Maintenance Web (ef1bcc8cbc6b2ed29c6f85eaf38f2eec)

Applies to

Package: novell-NDSserv novell-NOVLembox
Novell Open Enterprise Server 2 for x86
Novell Open Enterprise Server 2 for AMD64 and Intel EM64T
Patch: oes2-novell-NDSserv-5626

Release: 20080924
Obsoletes: none



All users of Novell eDirectory should update.



Problem description

This patch resolves the following security vulnerabilities:
  • Security vulnerability: content-Length header heap overflow. (Bug 379880) (CVE-2008-4478) (TID 7000087)
  • Security vulnerability: dhost accept language header heap overflow. (Bug 379882) (CVE-2008-4479) (TID 7000086)
  • Security vulnerability: eDirectory core protocol opcode 0x0F heap overflow. (Bug 396817) (CVE-2008-4478) (TID 7001184)
  • Security vulnerability: eDirectory core protocol opcode 0x24 heap overflow. (Bug 396819) (CVE-2008-4480) (TID 7001183)
  • Security vulnerability: remote exploitation of eDirectory NCP memory corruption. (Bug 373852) (IDEF2996) (TID 7001185)
  • Security vulnerability: httpstk allows cross site scripting. (Bug 387429) (CVE-2008-0925) (TID 3460217)


Please install the updates provided at the location noted below.

Installation notes

This update is provided as an RPM package that can easily be installed onto a running system by using this command:

rpm -Fvh novell-NDSserv.rpm novell-NOVLembox.rpm

file contents

Files IncludedSizeDate
novell-NDSserv-8.8.2-71.12.i586.rpm6.1 MB (6435724)2008-10-23 13:50:11
novell-NOVLembox-8.8.2-31.1.i586.rpm2.1 MB (2280186)2008-10-23 13:50:12
readme_5037180.htmlN/A2008-10-23 13:50:37

source packages

Download the source code of the patches for maintained products.


The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.