Summary
This host is running Novell eDirectory and is prone to Multiple Vulnerabilities.
Impact
Successful exploitation allows remote code execution on the target machines or can allow disclosure of potentially sensitive information or can cause denial of service condition.
Impact Level: Application
Solution
Update to 8.8 Service Pack 3.
http://support.novell.com/patches.html
Insight
The flaws are due to
- boundary error in LDAP and NDS services.
- boundary error in HTTP language header and HTTP content-length header.
- HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from user-supplied input.
Affected
Novell eDirectory 8.8 SP2 and prior on Linux.
References
- http://securitytracker.com/alerts/2008/Aug/1020785.html
- http://securitytracker.com/alerts/2008/Aug/1020786.html
- http://securitytracker.com/alerts/2008/Aug/1020787.html
- http://securitytracker.com/alerts/2008/Aug/1020788.html
- http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt
- http://www.novell.com/support/viewContent.do?externalId=3426981
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-5091, CVE-2008-5092, CVE-2008-5093, CVE-2008-5094 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader Multimeda Doc.media.newPlayer Code Execution Vulnerability (Linux)
- CursorArts ZipWrangler 'ZIP Processing' Buffer Overflow Vulnerability
- Adobe Audition '.ses' Multiple Buffer Overflow Vulnerabilities (Windows)
- Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Mac OS X)
- Bopup Communication Server Remote Buffer Overflow Vulnerability