Novell eDirectory < 8.8.5.2 / 8.7.3.10 ftf2 'NDS Verb' Request Buffer Overflow

critical Nessus Plugin ID 43030

Synopsis

The remote directory service is affected by a remote buffer overflow vulnerability.

Description

The remote host is running eDirectory, directory service software from Novell.

The installed version of eDirectory is affected by a remote buffer overflow vulnerability. By sending a specially crafted 'NDS Verb 0x1' request, an attacker may be able to execute arbitrary code with the privileges of the affected service.

Solution

Upgrade to eDirectory 8.8.5.2 / 8.7.3.10 ftf2 or later.

See Also

https://support.microfocus.com/kb/doc.php?id=7004912

http://web.archive.org/web/20150201082032/http://www.iss.net:80/threats/356.html

Plugin Details

Severity: Critical

ID: 43030

File Name: edirectory_nds_verb_overflow.nasl

Version: 1.7

Type: remote

Family: Misc.

Published: 12/7/2009

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:novell:edirectory

Exploit Ease: No known exploits are available

Patch Publication Date: 12/1/2009

Vulnerability Publication Date: 12/1/2009

Reference Information

CVE: CVE-2009-0895

BID: 37184

CWE: 189