Novell eDirectory eMBox Utility Unauthorized Access (uncredentialed check)

Severity: High. Nessus Plugin ID: 31851

Synopsis

The remote host has an application installed that allows unauthorized access to the system.

Description

The remote host is running eDirectory, a popular directory service from Novell.

A vulnerability in the eMBox utility included with the software allows an unauthenticated attacker to access local files or cause a denial of service condition.

Nessus was able to query the list of available eDirectory services on the remote host without using any credentials. See the plugin output for more details.

Solution

Upgrade to eDirectory 8.8.2 or rename 'embox.nlm' and configure it to start manually.

See Also

https://seclists.org/bugtraq/2008/May/54

https://support.microfocus.com/kb/doc.php?id=3477912

Plugin Details

Severity: High

ID: 31851

File Name: edirectory_embox_unauth_access_remote.nasl

Version: 1.22

Type: remote

Family: Misc.

Published: 4/11/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.8

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-0926

BID: 28441

CWE: 287

Secunia: 29527