N/A

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852.

N/A

N/A

Novell eDirectory NCP Get扩展信息请求远程堆内存破坏漏洞

Novell eDirectory是一个的跨平台的目录服务器。 eDirectory可能会使用已经释放的堆内存区。如果远程攻击者发送了畸形数据的话，就可能导致由一个线程释放堆内存区，之后在另一个线程分配了相同内存区后重新使用，这样原始线程就会对已被第二个线程改变了的数据执行操作，导致以当前服务的权限执行任意指令。

N/A

N/A