eDirectory < 8.8 SP5 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running eDirectory, a directory service from Novell. The installed version is earlier than 8.8 SP5. Such versions are reportedly affected by multiple vulnerabilities:

- An HTTP request containing a specially crafted 'Accept-Language' header can trigger a stack-based buffer overflow. This issue affects the iMonitor service. (Bug 484007/446342)

- A denial of service vulnerability exists when multiple wildcards are used in an RDN. (Bug 458504)

- A malformed bind LDAP packet can cause eDir to crash. (Bug 492592)

Solution

Upgrade to eDirectory 8.8 SP5 or later.