Novell eDirectory 8.8.x Multiple Security Vulnerabilities

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote directory service is affected by multiple vulnerabilities.

Description :

The remote host is running eDirectory, a directory service software
from Novell. The installed version of Novell eDirectory is affected by
multiple issues :

- An unspecified cross-site scripting flaw exists.

- It is possible to trigger a remote denial of service
vulnerability by sending a malformed HTTP request.

- An unspecified flaw may allow a remote attacker to gain
access to administrator cookie information.

- There is an unspecified stack-based buffer overflow in
the Novell NCP implementation in eDirectory that has
unspecified impact. (CVE-2012-0432)

See also :

Solution :

Upgrade to eDirectory 8.8 SP6 Patch 7 / 8.8 SP7 Patch 2 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 63338 ()

Bugtraq ID: 57038

CVE ID: CVE-2012-0428