Detections
Analytics

Novell eDirectory < 8.7.3 SP10 FTF1 Multiple Vulnerabilities

critical Nessus Plugin ID 34349

Language:

Synopsis

The remote directory service is affected by multiple vulnerabilities.

Description

The remote host is running eDirectory, a directory service software from Novell. The installed version of Novell eDirectory is affected by multiple heap overflows and denial of service vulnerabilities :

 - DS module is affected by two heap overflow vulnerabilities (Bugs 407275, 407256).

 - EMBOX module is affected by two denial of service vulnerabilities (Bugs 407243, 407245).

Solution

Upgrade to eDirectory 8.7.3 SP10 FTF1 or later.

See Also

https://www.securityfocus.com/archive/1/497164/30/0/threaded

https://www.securityfocus.com/archive/1/497165/30/0/threaded

https://www.securityfocus.com/archive/1/497169/30/0/threaded

https://support.microfocus.com/kb/doc.php?id=3477912

https://www.zerodayinitiative.com/advisories/ZDI-08-063/

https://www.zerodayinitiative.com/advisories/ZDI-08-064/

https://www.zerodayinitiative.com/advisories/ZDI-08-065/

https://www.zerodayinitiative.com/advisories/ZDI-08-066/

https://www.securityfocus.com/archive/1/497163/30/0/threaded

Plugin Details

Severity: Critical

ID: 34349

File Name: edirectory_873sp10_multiple_vulns.nasl

Version: 1.14

Type: remote

Family: Misc.

Published: 10/7/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-4478, CVE-2008-4479, CVE-2008-4480

BID: 31553

CWE: 119, 189