Novell eDirectory < 8.8 SP3 Multiple Vulnerabilities (OF, XSS, MC)

Critical Nessus Plugin ID 34221


The remote directory service is affected by multiple vulnerabilities.


The remote host is running eDirectory, a directory service software from Novell. The installed version of Novell eDirectory is affected by multiple issues :

- NDS module is affected by a heap overflow vulnerability (Bugs 396819 and 396817).

- Windows installs of eDirectory NDS module are affected by a remote memory corruption vulnerability (Bug 373852).

- LDAP module is affected by a buffer overflow vulnerability (Bug 373853).

- Windows installs of eDirectory LDAP module are affected by a memory corruption DoS (Bug 359982).

- HTTPSTK is affected by two heap overflow vulnerabilities affecting 'Language' and 'Content Length' headers in HTTPSTK (Bugs 379882 and 379880).

- HTTPSTK is also affected by a cross-site scripting vulnerability (Bug 387429).


Upgrade to eDirectory 8.8 SP3 or later.

See Also

Plugin Details

Severity: Critical

ID: 34221

File Name: edirectory_88sp3_multiple_vulns.nasl

Version: $Revision: 1.17 $

Type: remote

Family: Misc.

Published: 2008/09/16

Modified: 2016/11/11

Dependencies: 25701

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-5091, CVE-2008-5092, CVE-2008-5093, CVE-2008-5094, CVE-2008-5095

BID: 30947

OSVDB: 48204, 48206, 48207, 48208, 48209, 48210, 48211, 50960

Secunia: 31684

CWE: 79, 119