Novell has fixed a vulnerability in its eDirectory service that could affect users who run the program on some Linux and Windows platforms. The problem, a stack buffer overflow (CVE-2012-0432), is remotely exploitable without authentication, according to an alert issued yesterday by David Klein on the Full Disclosure mailing list.
The overflow vulnerability affects KeyedObjectLogin, a feature that “enables a client to identify itself to the file server and gain rights to access certain directories (and files) within the file server.” Attackers would be able to gain full control over the system if the bug were exploited.
eDirectory is software created by Novell to manage multiple servers within a network.
The bug was initially discovered last August, but it took several months to go through the patching process. It was fixed last month for the company’s paying customers, but the vulnerability was not publicly disclosed until yesterday.
Novell added the fix to its latest patch, “8.8 SP7 patch 2 6989,” and users of the software who haven’t already done so are being encouraged to download and apply it to remedy the problem.