Novell Edirectory
======================================================================
Secunia Research 14/07/2009
- Novell eDirectory iMonitor "Accept-Language" Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-075
November 2, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-063
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-064
October 8, 2008
-- CVE ID:
CVE-2008-4479
-- Affected Vendors:
Novell
ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-065
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-066
October 8, 2008
-- CVE ID:
CVE-2008-4480
-- Affected Vendors:
Novell
ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-024
March 2, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
Affected Software:
Novell eDirectory 8.8 SP5
Vulnerability Description:
Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack.
If a remote attacker sends Unicode strings with Http Request to "8028 port"
("8028" is the default port of Novell eDirectory Dhost Http Server),
the attacker can cause the system to consume 100% of the CPU resources.
Credits to:
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 09, 2008
I. BACKGROUND
Novell eDirectory is cross-platform directory server that implements the
Lightweight Directory Access Protocol (LDAP). The search request is used
to search a directory tree for objects that match a search filter. For
more information, see the vendor's site found at the following URL.
http://www.novell.com/products/edirectory/
ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-041
July 10, 2008
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-08-013: Novell eDirectory for Linux Stack Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-013
March 26, 2008
-- CVE ID:
CVE-2008-0924
-- Affected Vendors:
Novell
#####################################################################################
Application: Novell Edirectory 8.8 SP5
Platforms: Windows 2003 Server
Exploitation: XSS
Date: 2009-09-23
Novell iManager is a Web-based administration console that provides
customized secure access to network administration utilities and
content from any location in the world. With iManager you can manage
Novell Open Enterprise Server, Novell Identity Manager, Novell
eDirectory and many other Novell and third-party services from a web
browser. Novell iManager is prone to a stack-based buffer overflow
vulnerability that can be exploited by authenticated users to execute
arbitrary code, and to an off-by-one error that can be abused by
remote, unauthenticated attackers to cause a Denial of Service to the
application.
[=] Affected software :
Editor : Novell
Name : eDirectory
Version : 8.7.x (see note) and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3866911&sliceId=1
Vendor: Novell
Product: eDirectory for Windows
Version: 8.8 SP5
Vulnerability: Stack Overflow
Description:
Product:
Novell eDirectory 8.8 sp5 for Windows
********************************************************************************
Vulnerability:
Denial of Service
Product:
Novell eDirectory 8.8 SP5 for Windows
Vulnerability Type:
Buffer Overflow
Attack Vector:
Messenger Client are vulnerable.
.:: BACKGROUND
Novell GroupWise Messenger is a corporate instant messaging product that uses
Novell eDirectory? as its user database
More info: http://www.novell.com
.:: VULNERABILITY VIDEO DEMO
I. BACKGROUND
The Novell Client software provides a workstation with access to Novell
NetWare networks as well as Novell Open Enterprise Server (OES)
services. Novell Clients can access the full range of Novell services
such as authentication via Novell eDirectory, network browsing and
service resolution, and secure and reliable file system access. More
information about the Novel Client can be found on the vendor's site at
the following URL.
http://www.novell.com/products/clients/
I. BACKGROUND
The Novell Client software provides a workstation with access to Novell
NetWare networks as well as Novell Open Enterprise Server (OES)
services. Novell Clients can access the full range of Novell services
such as authentication via Novell eDirectory, network browsing and
service resolution, and secure and reliable file system access. More
information about the Novel Client can be found on the vendor's web
site at the following URL.
http://www.novell.com/products/clients/
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-001
January 7, 2010
-- CVE ID:
CVE-2009-4486
-- Affected Vendors:
Novell
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
[=] Affected software :
Editor : Novell
Name : eDirectory
Version : < 8.7.3 SP 10 and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1
|
