eDirectory
======================================================================
Secunia Research 14/07/2009
- Novell eDirectory iMonitor "Accept-Language" Buffer Overflow -
======================================================================
Table of Contents
Affected Software....................................................1
ZDI-11-060: Novell eDirectory Malformed NCP Request Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-060
February 7, 2011
-- CVE ID:
CVE-2010-4327
-- CVSS:
ZDI-09-075: Novell eDirectory LDAP Null Base DN Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-075
November 2, 2009
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-10-189: Novell eDirectory Server Malformed Index Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-189
October 1, 2010
-- CVSS:
7.8, (AV:N/AC:L/Au:N/C:N/I:N/A:C)
-- Affected Vendors:
Novell
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 09, 2008
I. BACKGROUND
Novell eDirectory is cross-platform directory server that implements the
Lightweight Directory Access Protocol (LDAP). The search request is used
to search a directory tree for objects that match a search filter. For
more information, see the vendor's site found at the following URL.
http://www.novell.com/products/edirectory/
ZDI-08-041: Novell eDirectory dhost Integer Overflow Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-041
July 10, 2008
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-065
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
ZDI-08-013: Novell eDirectory for Linux Stack Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-013
March 26, 2008
-- CVE ID:
CVE-2008-0924
-- Affected Vendors:
Novell
ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-024
March 2, 2010
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-063
October 8, 2008
-- CVE ID:
CVE-2008-4478
-- Affected Vendors:
Novell
ZDI-08-064: Novell eDirectory dhost.exe Accept Language Header Heap
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-064
October 8, 2008
-- CVE ID:
CVE-2008-4479
-- Affected Vendors:
Novell
ZDI-08-066: Novell eDirectory Core Protocol Opcode 0x24 Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-066
October 8, 2008
-- CVE ID:
CVE-2008-4480
-- Affected Vendors:
Novell
Affected Software:
Novell eDirectory 8.8 SP5
Vulnerability Description:
Novell eDirectory 8.8 SP5 is vulnerable to a denial of service attack.
If a remote attacker sends Unicode strings with Http Request to "8028 port"
("8028" is the default port of Novell eDirectory Dhost Http Server),
the attacker can cause the system to consume 100% of the CPU resources.
Credits to:
Novell iManager is a Web-based administration console that provides
customized secure access to network administration utilities and
content from any location in the world. With iManager you can manage
Novell Open Enterprise Server, Novell Identity Manager, Novell
eDirectory and many other Novell and third-party services from a web
browser. Novell iManager is prone to a stack-based buffer overflow
vulnerability that can be exploited by authenticated users to execute
arbitrary code, and to an off-by-one error that can be abused by
remote, unauthenticated attackers to cause a Denial of Service to the
application.
nSense Vulnerability Research Security Advisory NSENSE-2011-002
---------------------------------------------------------------
Affected Vendor: Novell
Affected Product: Netware, eDirectory
Platform: Netware / Linux
Impact: Remote Denial of Service
Vendor response: Patch
CVE: None
Credit: Knud / nSense
#####################################################################################
Application: Novell Edirectory 8.8 SP5
Platforms: Windows 2003 Server
Exploitation: XSS
Date: 2009-09-23
Vendor: Novell
Product: eDirectory for Windows
Version: 8.8 SP5
Vulnerability: Stack Overflow
Description:
[=] Affected software :
Editor : Novell
Name : eDirectory
Version : 8.7.x (see note) and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3866911&sliceId=1
I. BACKGROUND
The Novell Client software provides a workstation with access to Novell
NetWare networks as well as Novell Open Enterprise Server (OES)
services. Novell Clients can access the full range of Novell services
such as authentication via Novell eDirectory, network browsing and
service resolution, and secure and reliable file system access. More
information about the Novel Client can be found on the vendor's site at
the following URL.
http://www.novell.com/products/clients/
I. BACKGROUND
The Novell Client software provides a workstation with access to Novell
NetWare networks as well as Novell Open Enterprise Server (OES)
services. Novell Clients can access the full range of Novell services
such as authentication via Novell eDirectory, network browsing and
service resolution, and secure and reliable file system access. More
information about the Novel Client can be found on the vendor's web
site at the following URL.
http://www.novell.com/products/clients/
Product:
Novell eDirectory 8.8 SP5 for Windows
Vulnerability Type:
Buffer Overflow
Attack Vector:
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Cloud Manager. Authentication is not
required to exploit this vulnerability.
Product:
Novell eDirectory 8.8 sp5 for Windows
********************************************************************************
Vulnerability:
Denial of Service
-- Affected Vendors:
Novell
-- Affected Products:
Novell eDirectory
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Platespin Orchestrate. Authentication
is not required to exploit this vulnerability.
Messenger Client are vulnerable.
.:: BACKGROUND
Novell GroupWise Messenger is a corporate instant messaging product that uses
Novell eDirectory? as its user database
More info: http://www.novell.com
.:: VULNERABILITY VIDEO DEMO
SLP (Service Location Protocol) is defined by RFC 2165 and RFC 2608.
OpenSLP (the reference implementation) and others SLP softwares (like
mSLP) are vulnerable to a denial of service vulnerability (CVE-2010-3609
aka CERT VU#393783). The affected softwares include VMware ESX and ESXi,
Novell eDirectory, several SAN manufacturers, some Linux
distributions, ...
Here's a PoC triggering this vulnerability via either unicast (TCP or
UDP), broadcast and multicast : http://www.agarri.fr/docs/SLPick.py
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
A potential security vulnerability has been identified with HP OpenView Select Identity (HPSI) Connectors running on Windows. The vulnerability could result in a local disclosure of information.
References: CVE-2008-3539
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Connector v 1.70.003 and earlier
HPSI Active Directory Connector v 2.10.002 and earlier
HPSI Active Directory Connector v 2.20.xxx and v2.30.xxx and earlier
HPSI SunOne Connector v 1.14 and earlier
HPSI eDirectory Connector v 1.12 and earlier
HPSI eTrust Connector v 1.02 and earlier
[=] Affected software :
Editor : Novell
Name : eDirectory
Version : < 8.7.3 SP 10 and < 8.8.2
Services : TCP/8028 (HTTP) and TCP/8030 (HTTPS)
[=] External references :
http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1
ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-001
January 7, 2010
-- CVE ID:
CVE-2009-4486
-- Affected Vendors:
Novell
|
