icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities

Medium

Synopsis

The remote directory service is vulnerable to multiple attack vectors.

Description

The remote host is running eDirectory, a directory service software from Novell.

Versions of eDirectory earlier than 8.8 SP5 Patch 4 are potentially affected by multiple vulnerabilities :

- A denial-of-service vulnerability in NDSD when handling a malformed verb. (Bug 571244)

- A stack-based buffer overflow in the dhost module for Windows. (Bug 588883)

- A predictable session cookie in DHOST. (Bug 586854)

Solution

Upgrade to eDirectory 8.8 SP5 Patch 4 or later.