Novell eDirectory < 8.8 SP5 Multiple Vulnerabilities

medium Nessus Plugin ID 39805

Synopsis

The remote directory service is affected by multiple vulnerabilities.

Description

The remote host is running eDirectory, directory service software from Novell. The installed version of this software is affected by multiple issues:

- A malformed LDAP bind packet causes eDirectory to crash. (Bug 492692)

- The use of multiple wildcards in RDNs can trigger a remote denial of service. (Bug 458504)

- An HTTP request containing a specially crafted 'Accept-Language' header can trigger a stack-based buffer overflow. This issue affects the iMonitor service. (Bugs 484007 and 446342)

Solution

Upgrade to eDirectory 8.8 SP5 or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2009-13/

https://support.microfocus.com/kb/doc.php?id=3426981

Plugin Details

Severity: Medium

ID: 39805

File Name: edirectory_88sp5_multiple_vulns.nasl

Version: 1.13

Type: remote

Family: Misc.

Published: 7/15/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/12/2009

Vulnerability Publication Date: 7/14/2009

Reference Information

CVE: CVE-2009-0192, CVE-2009-2456, CVE-2009-2457

BID: 35666

CWE: 189, 94

Secunia: 34160