Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Novell eDirectory < 8.8 SP5 Patch 4 Multiple Vulnerabilities

Medium

Synopsis

The remote directory service is vulnerable to multiple attack vectors.

Description

The remote host is running eDirectory, a directory service software from Novell.

Versions of eDirectory earlier than 8.8 SP5 Patch 4 are potentially affected by multiple vulnerabilities :

- A denial-of-service vulnerability in NDSD when handling a malformed verb. (Bug 571244)

- A stack-based buffer overflow in the dhost module for Windows. (Bug 588883)

- A predictable session cookie in DHOST. (Bug 586854)

Solution

Upgrade to eDirectory 8.8 SP5 Patch 4 or later.