Novell EDirectory Multiple Vulnerabilities - Jul09 (Win) Network Vulnerability

Summary

This host is running Novell eDirectory and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows attackers to crash the service leading to denial of service condition. Impact Level: Application

Solution

Upgrade to Novell eDirectory 8.8 SP5 or later http://www.novell.com/products/edirectory/

Insight

- An unspecified error occurs in DS\NDSD component while processing malformed LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). - An unspecified error occurs in DS\NDSD component while processing malformed bind LDAP packets. - Off-by-one error occurs in the iMonitor component while processing malicious HTTP request with a crafted Accept-Language header.

Affected

Novell eDirectory 8.8 before SP5 on Windows.

References

http://secunia.com/advisories/34160
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.vupen.com/english/advisories/2009/1883

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0192, CVE-2009-2456, CVE-2009-2457
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ddrLPD Remote Denial of Service Vulnerability
Dell OpenManage Web Server <= 3.7.1
Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
Firefox XUL Parsing Denial of Service Vulnerability (Win)
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability

Novell eDirectory Multiple Vulnerabilities - Jul09 (Win)

Take action and discover your vulnerabilities