Novell SecureLogin < 6.0.106 Multiple Vulnerabilities

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is affected by
multiple issues.

Description :

The version of Novell SecureLogin installed on the remote host is
earlier than 6.0.106. Such versions reportedly grant a user excessive
permissions to their own attributes in an Active Directory (AD)
environment.

There is also a security issue with AD password change.

Note that Novell strongly recommends the patch be applied if operating
in an Active Directory environment regardless of whether SecureLogin
is deployed in eDirectory or AD mode.

See also :

http://www.nessus.org/u?b56c5a09

Solution :

Apply Novell SecureLogin 6.0.106 patch or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 25125 ()

Bugtraq ID: 23547

CVE ID: CVE-2007-2475
CVE-2007-2476

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now