eDirectory < 8.8 SP5 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 5098
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running eDirectory, a directory service from Novell. The installed version is earlier than 8.8 SP5. Such versions are reportedly affected by multiple vulnerabilities :
- An HTTP request containing a specially crafted 'Accept-Language' header can trigger a stack-based buffer-overflow. This issue affects the iMonitor service. (Bug 484007/446342)
- A denial of service vulnerability exists when multiple wild-cards are used in RDN. (Bug 458504)
- A malformed bind LDAP packet can cause eDir to crash. (Bug 492592)
SolutionUpgrade to eDirectory 8.8 SP5 or later.