Summary
This host is running Novell eDirectory, which is prone to XSS, Denial of Service, and Remote Code Execution Vulnerabilities.
Impact
Successful remote exploitation allows execution of arbitrary code, heap-based buffer overflows, cross-site scripting attacks, or memory corruption.
Impact Level : System
Solution
Apply 8.8 Service Pack 3.
http://download.novell.com/Download?buildid=RH_B5b3M6EQ~
Insight
Multiple flaws are due to:
- errors in the HTTP Protocol Stack that can be exploited to cause a heap-based buffer overflow via specially crafted language/content-length headers.
- input passed via unspecified parameters to the HTTP Protocol Stack not being properly sanitized before being returned to the user.
- multiple unknown errors in the LDAP and NDS services.
Affected
Novell eDirectory 8.8 SP2 and prior versions on Windows 2000/2003.
Severity
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C