Novell EDirectory Multiple Vulnerabilities - Jul09 (Linux) Network Vulnerability

Summary

This host is running Novell eDirectory and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows attackers to crash the service leading to denial of service condition. Impact Level: Application

Solution

Upgrade to Novell eDirectory 8.8 SP5 or later http://www.novell.com/products/edirectory/

Insight

- An unspecified error occurs in DS\NDSD component while processing malformed LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). - An unspecified error occurs in DS\NDSD component while processing malformed bind LDAP packets. - Off-by-one error occurs in the iMonitor component while processing malicious HTTP request with a crafted Accept-Language header.

Affected

Novell eDirectory 8.8 before SP5 on Linux.

References

http://secunia.com/advisories/34160
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.vupen.com/english/advisories/2009/1883

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0192, CVE-2009-2456, CVE-2009-2457

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Comodo Internet Security Denial of Service Vulnerability July 13
Dopewars Server 'REQUESTJET' Message Remote Denial of Service Vulnerability
Denial of Service vulnerability in AVG Anti-Virus (Linux)
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
Apache Tomcat Content-Type Header Denial Of Service Vulnerability

Novell eDirectory Multiple Vulnerabilities - Jul09 (Linux)

Take action and discover your vulnerabilities