// For flags

CVE-2009-3862

Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value.

El proceso NDSD en Novell eDirectory v8.7.3 anterior a v8.7.3.10 ftf2 y eDirectory v8.8 anterior a v8.8.5 ftf1 no maneja adecuadamente ciertas peticiones de búsqueda de LDAP, lo que permite a atacantes remoto provocar una denegación de servicio (cuelgue de aplicación) a través de una petición de búsqueda con valor BaseDN NULL.

This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required in order to exploit this vulnerability.
The specific flaw exists within Novell's eDirectory Server's LDAP implementation. Novell eDirectory's NDSD process binds to port 389/TCP for handling LDAP requests. When the service processes a search request with an undefined BaseDN, it will become unresponsive resulting in an inability to query or authenticate to that server.

*Credits: Anonymous
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-11-02 CVE Published
  • 2009-11-04 CVE Reserved
  • 2023-04-02 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
-
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp2, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp3, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp4, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp5, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp6, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp7, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp8, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3
Search vendor "Novell" for product "Edirectory" and version "8.7.3"
sp9, windows
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3.8
Search vendor "Novell" for product "Edirectory" and version "8.7.3.8"
-
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.7.3.9
Search vendor "Novell" for product "Edirectory" and version "8.7.3.9"
-
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8
Search vendor "Novell" for product "Edirectory" and version "8.8"
-
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8
Search vendor "Novell" for product "Edirectory" and version "8.8"
sp1
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8
Search vendor "Novell" for product "Edirectory" and version "8.8"
sp2
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8
Search vendor "Novell" for product "Edirectory" and version "8.8"
sp3
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8
Search vendor "Novell" for product "Edirectory" and version "8.8"
sp4
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8.1
Search vendor "Novell" for product "Edirectory" and version "8.8.1"
-
Affected
Novell
Search vendor "Novell"
Edirectory
Search vendor "Novell" for product "Edirectory"
8.8.2
Search vendor "Novell" for product "Edirectory" and version "8.8.2"
-
Affected