Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0926

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0926
Last Modified 01 Apr 2011 12:00:00
Published 28 Mar 2008 02:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0926

Summary

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

Vulnerable Systems

Application

  • Novell Edirectory 8.5

  • Novell Edirectory 8.5.12a

  • Novell Edirectory 8.5.27

  • Novell Edirectory 8.6.2

  • Novell Edirectory 8.7

  • Novell Edirectory 8.7.1

  • Novell Edirectory 8.7.3

  • Novell Edirectory 8.7.3.10

  • Novell Edirectory 8.7.3.8

  • Novell Edirectory 8.7.3.8 Presp9

  • Novell Edirectory 8.7.3.9

  • Novell Edirectory 8.8


References

CONFIRM - https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html

XF - novell-edirectory-embox-unspecified(41426)

VUPEN - ADV-2008-0988

SECTRACK - 1019691

BID - 28441

BUGTRAQ - 20080505 Novell eDirectory unauthenticated access to SOAP interface

SECUNIA - 29527


Last Updated: 27 May 2016 10:46:58