Novell eDirectory eMBox Utility Unauthorized Access (uncredentialed check)

High Nessus Plugin ID 31851


The remote host has an application installed that allows unauthorized access to the system.


The remote host is running eDirectory, a popular directory service software from Novell.

A vulnerability in the eMBox utility included with the software allows an unauthenticated attacker to access local files or cause a denial of service condition.

Nessus was able to query the list of available eDirectory services on the remote host without using any credentials, see plugin output for more details.


Upgrade to eDirectory 8.8.2 or rename 'embox.nlm' and configure it to start manually.

See Also

Plugin Details

Severity: High

ID: 31851

File Name: edirectory_embox_unauth_access_remote.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Misc.

Published: 2008/04/11

Modified: 2016/11/15

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 8.8

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-0926

BID: 28441

OSVDB: 43690

Secunia: 29527

CWE: 287