CVE-2008-0926
Novell eDirectory eMBox Unauthenticated File Access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
La interfaz SOAP en el módulo eMBox en Novell eDirectory versión 8.7.3.9 y anteriores, y versiones 8.8.x anteriores a 8.8.2, depende de la autenticación del lado del cliente, que permite a los atacantes remotos omitir la autenticación por medio de peticiones para los URI /SOAP y causar una denegación de servicio (apagado del demonio) o leer archivos arbitrarios. NOTA: más tarde se reportó que la versión 8.7.3.10 (también se conoce como versión 8.7.3 SP10) también está afectada.
Novell eDirectory versions 8.7.x through 8.8.1 suffer from an arbitrary access vulnerability due to client-side access control when using the SOAP interface.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-02-25 CVE Reserved
- 2008-03-28 CVE Published
- 2014-02-10 First Exploit
- 2024-08-07 CVE Updated
- 2025-05-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/491621/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28441 | Vdb Entry | |
| http://www.securitytracker.com/id?1019691 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41426 | Vdb Entry | |
| https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/180897 | 2024-08-31 | |
| https://www.exploit-db.com/exploits/31533 | 2014-02-10 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29527 | 2018-10-15 | |
| http://www.vupen.com/english/advisories/2008/0988/references | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | <= 8.7.3.10 Search vendor "Novell" for product "Edirectory" and version " <= 8.7.3.10" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.5 Search vendor "Novell" for product "Edirectory" and version "8.5" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.5.12a Search vendor "Novell" for product "Edirectory" and version "8.5.12a" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.5.27 Search vendor "Novell" for product "Edirectory" and version "8.5.27" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.6.2 Search vendor "Novell" for product "Edirectory" and version "8.6.2" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7 Search vendor "Novell" for product "Edirectory" and version "8.7" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.1 Search vendor "Novell" for product "Edirectory" and version "8.7.1" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.1 Search vendor "Novell" for product "Edirectory" and version "8.7.1" | sp1 |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3 Search vendor "Novell" for product "Edirectory" and version "8.7.3" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.8 Search vendor "Novell" for product "Edirectory" and version "8.7.3.8" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.8_presp9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.8_presp9" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.7.3.9 Search vendor "Novell" for product "Edirectory" and version "8.7.3.9" | - |
Affected
| ||||||
| Novell Search vendor "Novell" | Edirectory Search vendor "Novell" for product "Edirectory" | 8.8 Search vendor "Novell" for product "Edirectory" and version "8.8" | - |
Affected
| ||||||