Page 5 of 31 results (0.013 seconds)

CVSS: 10.0EPSS: 23%CPEs: 11EXPL: 0

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of service and possibly execute arbitrary code via a sequence of "Get NCP Extension Information By Name" requests that cause one thread to operate on memory after it has been freed in another thread, which triggers memory corruption, aka Novell Bug 373852. Una vulnerabilidad de uso de memoria previamente liberada en la funcionalidad NetWare Core Protocol (NCP) en Novell eDirectory versiones 8.7.3 SP10 anteriores a 8.7.3 SP10 FTF1 y versión 8.8 SP2 para Windows, permite a los atacantes remotos causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de una secuencia de peticiones de "Get NCP Extension Information By Name" que causan que un hilo (subproceso) opere en memoria después de que se haya liberado en otro hilo (subproceso), lo que desencadena una corrupción de memoria, también se conoce como Novell Bug 373852. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=748 http://osvdb.org/48206 http://secunia.com/advisories/32395 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/viewContent.do?externalId=3426981 http://www.securityfocus.com/bid/31956 http://www.securitytracker.com/id?1021117 http://www.vupen.com/english/advisories/2008/2937 https • CWE-416: Use After Free •

CVSS: 10.0EPSS: 92%CPEs: 27EXPL: 0

Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en dhost.exe en Novell eDirectory v8.8 anterior a v8.8.3, y v8.73 anterior a v8.7.3.10 ftf1, permite a atacantes remotos ejecutar código de su elección a través de (1) una cabecera "Content-Length" manipulada en una petición SOAP o (2) mediante un mensaje Netware Core Protocol opcode 0x0F, que lanza un desbordamiento de búfer basado en montículo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, the service responsible for directory replication which is bound by default to TCP port 524. Improper parsing within opcode 0x0F via the Netware Core Protocol can result in an arithmetic calculation based on supplied user-input resulting in an integer overflow that will be used to copy into a heap buffer. • http://secunia.com/advisories/32111 http://securityreason.com/securityalert/4406 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953 http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 96%CPEs: 4EXPL: 1

dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. El archivo dhost.exe en Novell eDirectory versión 8.7.3 anterior a las versiones sp10 y 8.8.2 permite a los atacantes remotos provocar una denegación de servicio (consumo de CPU) por medio de una petición HTTP con (1) varios encabezados de conexión o (2) un encabezado de conexión con varios valores separados por comas. NOTA: esta vulnerabilidad podría ser similar a CVE-2008-1777. Novell eDirectory versions below 8.7.3 SP 10 and versions below 8.8.2 suffer from a denial of service related vulnerability. • https://www.exploit-db.com/exploits/5547 http://secunia.com/advisories/29805 http://www.novell.com/support/viewContent.do?externalId=3829452&sliceId=1 http://www.securityfocus.com/archive/1/491622/100/0/threaded http://www.securityfocus.com/bid/28757 http://www.securitytracker.com/id?1019836 http://www.vupen.com/english/advisories/2008/1217/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41787 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 41%CPEs: 13EXPL: 1

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada. • https://www.exploit-db.com/exploits/31533 http://secunia.com/advisories/29527 http://www.securityfocus.com/archive/1/491621/100/0/threaded http://www.securityfocus.com/bid/28441 http://www.securitytracker.com/id?1019691 http://www.vupen.com/english/advisories/2008/0988/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 3%CPEs: 3EXPL: 0

ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe a un fichero de registro de eventos. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3924657&sliceId=SAL_Public http://www.securityfocus.com/bid/23685 http://www.securitytracker.com/id?1017972 http://www.vupen.com/english/advisories/2007/1550 https://exchange.xforce.ibmcloud.com/vulnerabilities/33921 •