Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 5570
SynopsisThe remote directory service is vulnerable to multiple attack vectors.
DescriptionThe remote host is running eDirectory, a directory service software from Novell.
Versions of eDirectory earlier than 8.8 SP5 Patch 4 are potentially affected by multiple vulnerabilities :
- A denial-of-service vulnerability in NDSD when handling a malformed verb. (Bug 571244)
- A stack-based buffer overflow in the dhost module for Windows. (Bug 588883)
- A predictable session cookie in DHOST. (Bug 586854)
SolutionUpgrade to eDirectory 8.8 SP5 Patch 4 or later.