Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
BID:30947
Info
Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 30947 |
| Class: | Unknown |
| CVE: |
CVE-2008-5095 CVE-2008-5094 CVE-2008-5093 CVE-2008-5092 CVE-2008-5091 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 28 2008 12:00AM |
| Updated: | Nov 18 2008 06:54PM |
| Credit: | Novell |
| Vulnerable: |
Novell Open Enterprise Server (OES) 0 Novell Open Enterprise Server 2 Novell Netware 6.5 SP7 Novell Netware 6.5 SP6 Novell eDirectory 8.8 SP2 Novell eDirectory 8.8 SP1 Novell eDirectory 8.8 |
| Not Vulnerable: |
Novell eDirectory 8.8 SP3 |
Discussion
Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
Novell eDirectory is prone to multiple buffer-overflow and multiple cross-site scripting vulnerabilities.
Successful exploits of buffer-overflow vulnerabilities may allow attackers to execute arbitrary code in the context of the application. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.
Exploiting cross-site scripting vulnerabilities may allow an attacker to steal cookie-based information or execute script code in the context of the browser of an unsuspecting user.
Versions prior to Novell eDirectory 8.8 SP3 are vulnerable.
Novell eDirectory is prone to multiple buffer-overflow and multiple cross-site scripting vulnerabilities.
Successful exploits of buffer-overflow vulnerabilities may allow attackers to execute arbitrary code in the context of the application. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.
Exploiting cross-site scripting vulnerabilities may allow an attacker to steal cookie-based information or execute script code in the context of the browser of an unsuspecting user.
Versions prior to Novell eDirectory 8.8 SP3 are vulnerable.
Exploit / POC
Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI.
An attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
Solution:
The vendor has released fixes. Please see the references for more information.
Solution:
The vendor has released fixes. Please see the references for more information.
References
Novell eDirectory Multiple Buffer Overflow And Cross-Site Scripting Vulnerabilities
References:
References:
- eDirectory Product Homepage (Novell)
- History of Issues Resolved in eDirectory 8.8 (Novell)