CERT-In Vulnerability Note CIVN-2010-26
Novell eDirectory eMBox SOAP Request Denial of Service Vulnerability
Original Issue Date: February 18, 2010
Severity Rating:
Medium
System Affected
Overview
A vulnerability has been reported in Novell eDirectory , which could be exploited by a remoter attacker to cause Denial of Service (DoS) condition.
Description Novell eDirectory is an X.500-compatible directory service s for centrally managing access to resources on multiple servers and computers within a given network. Novell e-directory management Tool Box (eMBOX) lets access to all the attached e-directory back-end utilities remotely as well as on the server.
The vulnerability is in the SOAP interface to the eMBox module in Novell eDirectory, which can be exploited to cause eDirectory to crash via a specially crafted SOAP request.
Successful exploitation of this vulnerability could allow a remoter attacker cause Denial of Service (DoS) condition.
Solution
Update to eDirectory 8.8 SP5 Patch 3 Vendor Information
Novell
http://www.novell.com/support/viewContent.do?externalId=3426981
http://www.novell.com/documentation/edir873/?page=/
documentation/edir873/edir873/data/agabn4a.html
http://www.novell.com/products/edirectory/
References
Secunia
http://secunia.com/advisories/38491/
Securityfocus
http://www.securityfocus.com/bid/38157
VUPEN
http://www.vupen.com/english/advisories/2010/0334
CVE Name
CVE-2010-0166
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
