Novell EDirectory Multiple Vulnerabilities (Linux) Network Vulnerability

Summary

This host is running Novell eDirectory, which is prone to XSS, Denial of Service, and Remote Code Execution Vulnerabilities.

Impact

Successful Remote exploitation will allow execution of arbitrary code, heap-based buffer overflow, Cross Site Scripting attacks, or cause memory corruption. Impact Level : System

Solution

Apply 8.8 Service Pack 3. http://download.novell.com/Download?buildid=RH_B5b3M6EQ~

Insight

Multiple flaw are due to, - errors in HTTP Protocol Stack that can be exploited to cause heap based buffer overflow via a specially crafted language/content-length headers. - input passed via unspecified parameters to the HTTP Protocol Stack is not properly sanitzed before being returned to the user. - Multiple unknown error exist in LDAP and NDS services.

Affected

Novell eDirectory 8.8 SP2 and prior versions on Linux (All).

References

http://secunia.com/advisories/31684
http://securitytracker.com/alerts/2008/Aug/1020785.html
http://securitytracker.com/alerts/2008/Aug/1020786.html
http://securitytracker.com/alerts/2008/Aug/1020787.html
http://securitytracker.com/alerts/2008/Aug/1020788.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

avast! 'aswRdr.sys' Buffer Overflow Vulnerability
CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
AIMP ID3 Tag Buffer Overflow Vulnerability
Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
Adobe Reader 'mailListIsPdf' Buffer Overflow Vulnerability (Linux)

Novell eDirectory Multiple Vulnerabilities (Linux)

Take action and discover your vulnerabilities