Novell EDirectory Multiple Vulnerabilities Nov08 - (Linux) Network Vulnerability

Summary

This host is running Novell eDirectory and is prone to Multiple Vulnerabilities.

Impact

Successful exploitation allows remote code execution on the target machines or can allow disclosure of potentially sensitive information or can cause denial of service condition. Impact Level: Application

Solution

Update to 8.8 Service Pack 3. http://support.novell.com/patches.html

Insight

The flaws are due to - boundary error in LDAP and NDS services. - boundary error in HTTP language header and HTTP content-length header. - HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from user-supplied input.

Affected

Novell eDirectory 8.8 SP2 and prior on Linux.

References

http://securitytracker.com/alerts/2008/Aug/1020785.html
http://securitytracker.com/alerts/2008/Aug/1020786.html
http://securitytracker.com/alerts/2008/Aug/1020787.html
http://securitytracker.com/alerts/2008/Aug/1020788.html
http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt
http://www.novell.com/support/viewContent.do?externalId=3426981

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5091, CVE-2008-5092, CVE-2008-5093, CVE-2008-5094
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

BarCodeWiz 'BarcodeWiz.dll' ActiveX Control BOF Vulnerability
Adobe Reader 'Plug-in' Buffer Overflow Vulnerability (Mac OS X)
CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
Asterisk HTTP Manager Buffer Overflow Vulnerability
Cscope putstring Multiple Buffer Overflow vulnerability

Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)

Take action and discover your vulnerabilities