Novell eDirectory version 8.8 SP5 contains a vulnerability in the Dhost HTTP server that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is due to an unspecified error in the Dhost HTTP server. An attacker could exploit the vulnerability by sending crafted input to the Dhost HTTP server port. After processing the attacker-supplied data, the Dhost HTTP server stops accepting new requests and uses all the available CPU resources on the system. This action could result in a DoS condition on the affected application.
Functional exploit code is publicly available.
Novell has not confirmed this vulnerability and updated software is not available.