eDirectory < 8.8.5.2/8.7.3.10 ftf2 'NDS Verb 0x1' Buffer Overflow

high Nessus Network Monitor Plugin ID 5251

Synopsis

The remote host is vulnerable to a remote command execution attack.

Description

The remote host is running eDirectory, a directory service from Novell. The installed version is earlier than 8.8 SP5 ftf2 or 8.7.3.10 ftf2. Such versions are potentially affected by a remote buffer overflow vulnerability when handling specially crafted 'NDS Verb 0x1' requests. An attacker exploiting this flaw could execute arbitrary commands on the host with the privileges of the affected software.

Solution

Upgrade to eDirectory 8.8 SP5 ftf2 / 8.7.3.10 ftf2 or later.

See Also

http://www.novell.com/support/viewContent.do?externalId=7004912

Plugin Details

Severity: High

ID: 5251

Family: Generic

Published: 12/4/2009

Updated: 3/6/2019

Nessus ID: 43030

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Patch Publication Date: 12/1/2009

Vulnerability Publication Date: 12/1/2009

Reference Information

CVE: CVE-2009-0895

BID: 37184