CVE-2008-0926 – Novell eDirectory 8.x - eMBox Utility 'edirutil' Command
https://notcve.org/view.php?id=CVE-2008-0926
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected. La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada. • https://www.exploit-db.com/exploits/31533 http://secunia.com/advisories/29527 http://www.securityfocus.com/archive/1/491621/100/0/threaded http://www.securityfocus.com/bid/28441 http://www.securitytracker.com/id?1019691 http://www.vupen.com/english/advisories/2008/0988/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html • CWE-287: Improper Authentication •
CVE-2008-0924 – Novell eDirectory for Linux LDAP delRequest Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0924
Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field. El desbordamiento del búfer en la región stack de la memoria en la función DoLBURPRequest en libnldap en ndsd en Novell eDirectory versión 8.7.3.9 y anterior, y versión 8.8.1 y anterior en la serie 8.8.x, permite que los atacantes remotos causen una denegación de servicio (bloque del demonio o consumo de CPU) o ejecute un código arbitrario por medio de un largo mensaje de petición extendida delRequest LDAP, que probablemente incluya un campo largo Distinguished Name (DN). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory for Linux. Authentication is not required to exploit this vulnerability. The specific flaw exists in the libnldap library. When a large LDAP delRequest message is sent, a stack overflow occurs overwriting a function pointer. • http://secunia.com/advisories/29476 http://www.securityfocus.com/archive/1/490117/100/0/threaded http://www.securityfocus.com/bid/28434 http://www.securitytracker.com/id?1019692 http://www.vupen.com/english/advisories/2008/0987/references http://www.zerodayinitiative.com/advisories/ZDI-08-013 https://secure-support.novell.com/KanisaPlatform/Publishing/411/3382120_f.SAL_Public.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4520
https://notcve.org/view.php?id=CVE-2006-4520
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. ncp en Novell eDirectory anterior a 8.7.3 SP9, y 8.8.x anterior a 8.8.1 FTF2, no maneja adecuadamente fragmentos NCP con una longitud negativa, lo cual permite a atacantes remotos provocar una denegación de servicio (caída del demonio) cuando el montón se escribe a un fichero de registro de eventos. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=518 http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=3924657&sliceId=SAL_Public http://www.securityfocus.com/bid/23685 http://www.securitytracker.com/id?1017972 http://www.vupen.com/english/advisories/2007/1550 https://exchange.xforce.ibmcloud.com/vulnerabilities/33921 •
CVE-2006-5813
https://notcve.org/view.php?id=CVE-2006-5813
Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en Novell eDirectory 8.8 permite a atacantes provocar una denegación de servicio, como ha sido demostrado por vd_novell3.pm, un "ataque de denegación de servicio para Novell eDirectory 8.8". NOTA: a fecha de 8/11/2006, esta divulgación no tiene información relevante. • http://gleg.net/vulndisco_meta.shtml http://securitytracker.com/id?1017169 https://exchange.xforce.ibmcloud.com/vulnerabilities/30149 •
CVE-2006-4521
https://notcve.org/view.php?id=CVE-2006-4521
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. La función BerDecodeLoginDataRequest en el módulo libnmasldap.so NMAS en Novell eDirectory 8.8 y 8.8.1 anterior al parche Security Services 2.0.3 no incrementa de forma adecuada el puntero cuando al manejar cierta entrada, lo cual permite a un atacante remoto provocar denegación de servicio (acceso a memoria inválido) a través de una respuesta de login manipulada • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=437 http://secunia.com/advisories/22660 http://securitytracker.com/id?1017140 http://www.securityfocus.com/bid/20842 http://www.vupen.com/english/advisories/2006/4293 https://exchange.xforce.ibmcloud.com/vulnerabilities/29963 •