Vulnerability Details - Title: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability - ID: ZDI-09-075, ZDI-CAN-513 - CVE ID: CVE-2009-3862 - CVSS Score: Not specified in the screenshot - Affected Vendor: Novell - Affected Products: eDirectory - Vulnerability Type: Denial of Service (DoS) - Description: This vulnerability allows attackers to deny services on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The flaw exists in Novell's eDirectory Server's LDAP implementation when processing a search request with an undefined BaseDN. - Trend Micro Customer Protection: Trend Micro TippingPoint IPS customers are protected by protection filter ID '9234'. - Additional Details: Novell has issued an update to correct this vulnerability. Details can be found at: http://www.novell.com/support/. - Disclosure Timeline: - 2009-07-14: Vulnerability reported to vendor - 2009-11-02: Coordinated public release of advisory - Credit: Anonymous