Novell EDirectory Multiple Vulnerabilities - Jul09 (Win) Network Vulnerability

Summary

This host is running Novell eDirectory and is prone to multiple vulnerabilities.

Impact

Successful exploitation allows attackers to crash the service leading to denial of service condition. Impact Level: Application

Solution

Upgrade to Novell eDirectory 8.8 SP5 or later http://www.novell.com/products/edirectory/

Insight

- An unspecified error occurs in DS\NDSD component while processing malformed LDAP request containing multiple . (dot) wildcard characters in the Relative Distinguished Name (RDN). - An unspecified error occurs in DS\NDSD component while processing malformed bind LDAP packets. - Off-by-one error occurs in the iMonitor component while processing malicious HTTP request with a crafted Accept-Language header.

Affected

Novell eDirectory 8.8 before SP5 on Windows.

References

http://secunia.com/advisories/34160
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.vupen.com/english/advisories/2009/1883

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0192, CVE-2009-2456, CVE-2009-2457

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

FreeType Memory Corruption and Buffer Overflow Vulnerabilities (Windows)
Apple iTunes Multiple Vulnerabilities
Cogent DataHub Integer Overflow Vulnerability
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
Firefox Browser Libxul Memory Leak Remote DoS Vulnerability - Win

Novell eDirectory Multiple Vulnerabilities - Jul09 (Win)

Take action and discover your vulnerabilities