CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada. • https://www.exploit-db.com/exploits/31533 http://secunia.com/advisories/29527 http://www.securityfocus.com/archive/1/491621/100/0/threaded http://www.securityfocus.com/bid/28441 http://www.securitytracker.com/id?1019691 http://www.vupen.com/english/advisories/2008/0988/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html • CWE-287: Improper Authentication •
CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDirectory versión 8.7.3.9 y anterior, y versión 8.8.1 y anterior en la serie 8.8.x, permite que los atacantes remotos causen una denegación de servicio (bloque del demonio o consumo de CPU) o ejecute un código arbitrario por medio de un largo mensaje de petición extendida delRequest LDAP, que probablemente incluya un campo largo Distinguished Name (DN). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. • http://secunia.com/advisories/29476 http://www.securityfocus.com/archive/1/490117/100/0/threaded http://www.securityfocus.com/bid/28434 http://www.securitytracker.com/id?1019692 http://www.vupen.com/english/advisories/2008/0987/references http://www.zerodayinitiative.com/advisories/ZDI-08-013 https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4520
https://notcve.org/view.php?id=CVE-2006-4520
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe a un fichero de registro de eventos. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3924657&sliceId=SAL_Public http://www.securityfocus.com/bid/23685 http://www.securitytracker.com/id?1017972 http://www.vupen.com/english/advisories/2007/1550 https://exchange.xforce.ibmcloud.com/vulnerabilities/33921 •
CVE-2006-4177
https://notcve.org/view.php?id=CVE-2006-4177
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. Desbordamiento de búfer basado en montículo en el motor NCP en Novell eDirectory anterior a 8.8.1 FTF1 permite a atacantes remotos ejecutar código de su elección mediante un paquete artesanal NCP sobre IP que provoca que NCP lea más información de la deseada. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=426 http://secunia.com/advisories/22506 http://securitytracker.com/id?1017104 http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974600.htm http://www.securityfocus.com/bid/20664 http://www.vupen.com/english/advisories/2006/4142 https://exchange.xforce.ibmcloud.com/vulnerabilities/29768 •
CVE-2002-1552
https://notcve.org/view.php?id=CVE-2002-1552
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. • http://marc.info/?l=bugtraq&m=103712498905027&w=2 http://marc.info/?l=bugtraq&m=103712790808781&w=2 http://www.securityfocus.com/bid/6163 https://exchange.xforce.ibmcloud.com/vulnerabilities/10604 •