Novell eDirectory < 8.8 SP3 Multiple Vulnerabilities (OF, XSS, MC)

critical Nessus Plugin ID 34221

Synopsis

The remote directory service is affected by multiple vulnerabilities.

Description

The remote host is running eDirectory, directory service software from Novell. The installed version of Novell eDirectory is affected by multiple issues:

- NDS module is affected by a heap overflow vulnerability (Bugs 396819 and 396817).

- Windows installs of eDirectory NDS module are affected by a remote memory corruption vulnerability (Bug 373852).

- LDAP module is affected by a buffer overflow vulnerability (Bug 373853).

- Windows installs of eDirectory LDAP module are affected by a memory corruption DoS (Bug 359982).

- HTTPSTK is affected by two heap overflow vulnerabilities affecting the 'Language' and 'Content Length' headers (Bugs 379882 and 379880).

- HTTPSTK is also affected by a cross-site scripting vulnerability (Bug 387429).

Solution

Upgrade to eDirectory 8.8 SP3 or later.

See Also

https://support.microfocus.com/kb/doc.php?id=3426981

Plugin Details

Severity: Critical

ID: 34221

File Name: edirectory_88sp3_multiple_vulns.nasl

Version: 1.19

Type: remote

Family: Misc.

Published: 9/16/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-5091, CVE-2008-5092, CVE-2008-5093, CVE-2008-5094, CVE-2008-5095

BID: 30947

CWE: 119, 79

Secunia: 31684