==================================================================== CERT-Renater Note d'Information No. 2012/VULN139 ____________________________________________________________________ DATE : 20/03/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running Novell eDirectory versions 8.8 prior to 8.8 SP6 Patch 5. ====================================================================== http://www.novell.com/support/viewContent.do?externalId=3426981 ______________________________________________________________________ History of Issues Resolved in eDirectory 8.8.x This document (3426981) is provided subject to the disclaimer at the end of this document. Environment Novell eDirectory 8.8 for All Platforms Resolution This TID documents all patches and fixes for eDirectory 8.8 SPx. For a list of all eDirectory Security Component issues resolved prior to this patch please refer to the following: http://www.novell.com/support/viewContent.do?externalId=7005397 Status Diagnostic Pattern Available through Novell Support Advisor Additional Information ____________________________________________________________________________ Issues resolved in eDirectory 8.8 SP6 Patch 5 (20606.01) March 13, 2012 NDSD: - Security Vulnerability: Authenticated buffer overflow in jclient resulting in an iManager crash (Bug 729659) (CVE-2010-1929) - Added the ability to control when attributes are moved to the attribute container to avoid Error: -6029 (Bug 722114) - Added the ability to manually cost replica referrals for iManager (Bug 716177) - Fragger code optimization to prevent ncp thread exhaustion with many failed logins (Bug 709252) - Objects being referenced that are renamed no longer bump revision to avoid modification time errors in ndsrepair (Bug 679695) LDAP: - LDAP returns syntax violation (-613) Invalid GeneralizedTime time syntax when submitting RBPM delegation / proxy assignments (Bug 732601) - Security Vulnerability in eDirectory RelativeToFullDN Parsing Remote Code (Bug 729314) - Race condition resulted in LDAP searches periodically failing with " result 80: NDS error: transport failure (-625) to connection" (Bug 645068) - Memory corruption issue resulting in a core in FreeNDSReferralList resolved (Bug 544781) NDSCONFIG: - Ndsconfig hung during the configuration of eDirectory after the server certificate association (Bug 731025/709252) NDSTRACE: - When using " tail -f " to view the ndstrace.log no updates are seen after the log hits its fmax size (Bug 685772) XDAS: - NDSD coring due to missing null check (Bug 741945) OTHER: - Unsatisfied dependancy errors when running an rpm -V on some rpms (Bug 723142) - Novell-ncpenc version not getting updated (Bug 646083) ... Document Document ID: 3426981 Creation Date: 10-17-2007 Modified Date: 03-16-2012 Novell Product: eDirectory Disclaimer The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================