Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

eDirectory < 8.8 SP5 Multiple Vulnerabilities

High

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running eDirectory, a directory service from Novell. The installed version is earlier than 8.8 SP5. Such versions are reportedly affected by multiple vulnerabilities :

- An HTTP request containing a specially crafted 'Accept-Language' header can trigger a stack-based buffer-overflow. This issue affects the iMonitor service. (Bug 484007/446342)

- A denial of service vulnerability exists when multiple wild-cards are used in RDN. (Bug 458504)

- A malformed bind LDAP packet can cause eDir to crash. (Bug 492592)

Solution

Upgrade to eDirectory 8.8 SP5 or later.