=====================================================================
                            CERT-Renater

              Information Note No. 2008/VULN318
_____________________________________________________________________

DATE                 : 01/09/2008

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Novell eDirectory 8.8,
                       Novell NetWare 6.5 Support Pack 7,
                       Novell Open Enterprise Server.

======================================================================
http://www.novell.com/support/viewContent.do?externalId=3426981
______________________________________________________________________

This document (3426981) is provided subject to the disclaimer at the end of this document.

Environment

Novell eDirectory 8.8 SP2 for All Platforms
Novell eDirectory 8.8 SP1 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 6
Novell Open Enterprise Server (OES) 2
Novell Open Enterprise Server (OES) 1

Additional Information

Issues resolved in eDirectory 8.8 SP3 (20216.83)

NDS
- Heap overflow vulnerability fix (Bug 396819 396817)
- eDirectory connections buildup (Bug 379559)
- Could not import user with a DN of 250 UTF-8 characters [Japan] (Bug 378635)
- Dstrace now shows an LDAP message that details what LDAP to eDir schema mapping is used when modifying schema (Bug 377121)
- Moving objects can result in stale\inconsistent acl values (Bug 272056\347450)
- Groupmembership query return in LDAP very slow due to nestedgroups code addition (Bug 346181)
- Using nested groups, groupmembership values returned when given name is queried (Bug 336377)
- ICE fails to extend schema if no OID is specified (Bug 376047)
- Linux - Ndsmanage returned "Invalid Selection" when running after su'ing to root. (Bug 378424/337829)
- Solaris - ndsd cores when setting the NDSD_USE_STDIO parameter to get around the file descriptor limit. (Bug 406009)
- Linux\Unix - made a change to concurrency so that the behavior matches that of NetWare (Bug#406041\369952) (TID 7001188)
- Windows - security vulnerability due to remote exploitation of memory corruption (Bug 373852)
- Double free core when adding schema via LDAP with no syntax specified (Bug 368323)
- User with supervisor rights to the NCP server object can now monitor events (Bug 359077)
- 10% better performance in reading references during backup (Bug 356413)
- OES install and configure dialog fails when there are multiple instances (Bug 347328)
- Ndsd memory leak when running with IDM 3.5.1 (296747)
- Starting ndsd with rcndsd start -ndb then issuing a rcndsd stop results in a core (Bug 296276)
- ICE with lburp adding container at wrong level in tree (Bug 293273)
- Limber now clears invalid members from a group (Bug 220868)
- Ndsd install failing with 55555 (Invalid Treename) when tree name was stored in small caps (Bug 215603)
- Cannot read GUID attribute on tree root when LDAP server does not hold a copy of root (Bug 138763)

DSREPAIR\NDSREPAIR
- Cluster objects showing as servers when performing a time synch report (Bug 385838)
- Error -168 returned when running a repair with the rebuild database option (Bug 378136)
- Local database repair and single object repair no longer check references by default (Bug 334627)
- Request schema from tree when local server does not hold root results in a -601 error (Bug 307180)
- Win32 - dhost would crash when running repair and logging out of session while task ran (Bug 297160)
- Running repair with create temp database option set and ndsd starting with the -ndb option hangs (Bug 296276)

LDAP
- Bind performance improvement (Bug 288370)
- Buffer overflow security vulnerability (Bug 373853)
- When replacing the value of an attribute error: -722 (Operational Schema Mismatch) is returned (Bug 335277)
- Querying a single attribute value when multiple values exist all are returned (Bug 365347)
- Persistent search by LUM cores server (Bug 371685\360025)
- Resolved crash on Windows due to memory corruption (Bug 359982)
- Using a wildcard on value searched results in duplicate returns (Bug 357766)

NCPENGINE
- Windows crash in ncpengine (Bug 396576)
- Ncpengine core in GetCLSDataStruct (Bug 372984)

iMonitor
- Reference check is no longer enabled by default [-AG] (Bug 381773)
- Error -5993 returned when symlink is used for the trace file location (Bug 378851)
- Now displays both the ID and DN of the entries in the Ancestor ID list (Bug 339673)
- iMon displayed a non-present group membership after member is removed from a nested group (Bug 335227)
- Requests serviced from cache is now calculated correctly (Bug 326955)

NDSTRACE
- Ndstrace showed no output with the +pkii flag (Bug 389904)
- Selective partition synch now works as with 873 (Bug 389675)
- "*J" now kicks off the janitor process and "*f" kicks off the flatcleaner
- Ndstrace -c connection count displayed increased from 160 to 1500 (Bug 373480)

ICE
- ICE incorrectly returns that schema is already extended when in fact schema was changed (Bug 376043)
- ICE now inserts a CR followed by a LF on non-Unix platforms (Bug 329515)
- ICE now line wraps at column 76 instead of 77 (Bug 329512)

SNMP
- DSSNMPSA loses connection sending traps - fails with Error: -732 (Bug 403358)

NDSCONFIG
- Linux\Unix - ndsconfig can now set n4u.server.mask-port-number back to 1 (Bug 397443)

HTTPSTK
- Cross site scripting vulnerability (Bug 387429)
- Vulnerability fix - Language header heap overflow (Bug 379882)
- Vulnerability fix - content length header heap overflow (Bug 379880)

IMANAGER EDIRECTORY PLUGINS
- Error unable to connect message when importing with ICE (Bug 410171)
- Random mapping deleted when deleting a ldap attribute mapping (337768)
- ICE export does not allow ordering of attributes when specifying a type of delimited text (Bug 370129)
- When setting to use high ciphers the ldapbindrestrictions is now set to 48 (48= none and cipher_high) (Bug 359754)
- LDAP Options incorrectly expanding sub-entries when clicking on plus sign (Bug 353045)
- ICE plugin failed to import or export data from disk with error code of 236 (Bug 347332)

DIBCLONE
- Dibclone no longer copies the IDM DirXML-ServerKey attribute on the pseudoserver object (364333)

SNMP
- NetWare - sys:\tmp\dssnmpsa_log.tmp consuming all disk space (Bug 363490)

SCRIPTS
- NDSD script - If a core file exists an alert is displayed on startup (Bug 338794)
- NDS-UNINSTALL - printing multiple users for all instances (Bug 291524)
- Ndsconfig upgrade proceeding when wrong password is entered (Bug 171477)

Enhancements:
- ACL Caching (363907)
- LDAP Event Monitoring
- 64 bit SLES version

Document

Document ID: 3426981
Creation Date: 10-17-2007
Modified Date: 08-28-2008
Novell Product: eDirectory

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

======================================================================

=========================================================
CERT-Renater reference servers

http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================