Novell eDirectory eMBox Utility Unauthorized Access

high Nessus Plugin ID 31850

Synopsis

The remote host has an application installed that may allow unauthorized access to the system.

Description

The remote host is running eDirectory, a popular directory service software from Novell.

A vulnerability in the eMBox utility included with the software, may allow an unauthenticated attacker to access local files or cause a denial of service condition.

Solution

Upgrade to eDirectory 8.8.2 or rename 'embox.nlm'.

See Also

https://seclists.org/bugtraq/2008/May/54

https://support.microfocus.com/kb/doc.php?id=3477912

Plugin Details

Severity: High

ID: 31850

File Name: edirectory_embox_unauth_access.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 4/11/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.8

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-0926

BID: 28441

CWE: 287

Secunia: 29527