[SA32111] Novell eDirectory Multiple Vulnerabilities

Les derniers commentaires publiés sur SecuObs (1-5):

- Vidéo : Man In the Middle Attacks in a Virtual World - RAutor: Windows rdp session recorder - Vidéo : Retrieving Forum Passwords with Backtrack - Quelques antennes Wi-FI à construire soi-même - Vidéo : ESRT @SecurityTube Ettercap bEEf Mashup Les derniers commentaires publiés sur SecuObs (6-25) Tous les commentaires publiés sur SecuObs avant les 5 derniers

[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA32111] Novell eDirectory Multiple Vulnerabilities

Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: link://[click]

TITLE: Novell eDirectory Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA32111

VERIFY ADVISORY: link://[click]

CRITICAL: Moderately critical

IMPACT: DoS, System access

WHERE: From local network SOFTWARE: Novell eDirectory 8.x link://[click]

DESCRIPTION: Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) Unspecified errors exist in the processing of replica verbs (Opcode 0x23 and 0x24), which can be exploited to cause heap-based buffer overflows.

2) An unspecified error exists in the processing of the DSV_READ verb (Opcode 0x0F), which can be exploited to cause a heap-based buffer overflow.

3) An unspecified error exists in the processing of HTTP Content-Length headers, which can be exploited to cause a crash.

4) An unspecified error exists in the processing of HTTP Accept-Language headers, which can be exploited to cause a crash.

The vulnerabilities are reported in version 8.7.3 SP10.

SOLUTION: Apply 8.7.3 SP10 FTF1.

PROVIDED AND/OR DISCOVERED BY: The vendor credits ZDI.

ORIGINAL ADVISORY: link://[click]

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: link://[click]

Definitions: (Criticality, Where etc.) link://[click]

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Precedent par Date: [SA32130] Libxml2 Predefined Entities Denial of Service Vulnerability
Suivant par Date: [SA32125] Avaya CMS Solaris ACL for UFS File Systems Local Denial of Service
Precedent par fil : [SA32130] Libxml2 Predefined Entities Denial of Service Vulnerability
Suivant par fil : [SA32125] Avaya CMS Solaris ACL for UFS File Systems Local Denial of Service
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion BugTraq
Archives de la liste de diffusion DailyDave
Archives de la liste de diffusion FunSec
Archives de la liste de diffusion Full Disclosure
Archives de la liste de diffusion Focus-IDS (FD)
Archives de la liste de diffusion Webappsec (FD)
Archives de la liste de diffusion Security-basics (FD)
Archives de la liste de diffusion Vulndiscuss
Archives de la liste de diffusion Vulnwatch

Les derniers commentaires publiés sur SecuObs (6-25):

- ESRT @securityshell - Metasploit Framework eXploit Builder v3 - ESRT @dougburks @michaelrash Conficker vs iptables and fwsnort - WepBuster v1.0 beta0.5 released - 130232 downloads of BackTrack 4 Pre-Final since the release - Latest version virtualbox 3.0.0 released - ESRT @mubix A very effective SSH bruteforcer by @laramies recently updated - ESRT @mubix - Middler gets some more updates today - Vidéo : P. Kleissner Stoned Bootkit preview, full at BH 09 Las Vegas - SSTIC 2009 Challenge vs Metasm - Vidéo : Password cracking with L0phtcrack 6 - DLL injection by modifying an executable file - reverse shell from SQLi with 1 HTTP request, no extra channel to upload initial - Hackers crack ColdFusion - Vidéo : Hiding Files with NTFS Alternative Data Streams - Whitepaper Understanding and using RFID - phpMyAdmin exploited in masses - Update: PyLoris 1.8 - ESRT @dougburks - Richard Bejtlich's Wireshark 12 Tutorial - ESRT @Carlos_Perez @joswr1ght WPA2-PSK cracker Cowpatty 46 with less teh suck - ESRT @dougburks Synjunkie on DNS BackTrack 4 tools Fierce and DNSRecon Les cinq derniers commentaires publiés sur SecuObs Tous les commentaires publiés sur SecuObs avant les 25 derniers

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / WEP aircrack + Ubiquiti (MadWifi) 300 mW + Yagi / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, windows, exploit, microsoft, réseau, attaque, vulnérabilité, système, audit, outil, virus, internet, données, linux, présentation, bluetooth, vista, metasploit, protocol, shell, scanner, réseaux, trames, téléphone, paquet, wishmaster, rootkit, engineering, sysun, https, black, mobile, noyau, téléphones, conférence, mémoire, source, scapy, google, reverse, détection, malveillant, snort, sécurise, patch + de mots clés avec l'annuaire des articles publiés sur SecuObs

Archives Failles Secunia :

- SA35687 Gentoo update for mod_security - SA35686 Gentoo update for libwmf - SA35699 Red Hat update for ruby - SA35697 Red Hat update for pidgin - SA35688 Ubuntu update for nagios2 and nagios3 + d'archives failles avec Secunia et SecuMail

Archives Mailing Full Disclosure :

- Full-disclosure Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products - Full-disclosure Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability - Full-disclosure Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability - Full-disclosure Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability - Full-disclosure SSANZ - Server Systems Administration NZ. + d'archives Full Disclosure avec SecuMail

Archives Mailing Bugtraq :

- Cisco Security Advisory: Vulnerabilities in Cisco Video Surveillance Products - Cisco Security Advisory: Cisco Physical Access Gateway Denial of Service Vulnerability - Cisco Security Advisory: Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability - Cisco Security Advisory: Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability - Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome - SECURITY DSA 1825-1 New nagios2/nagios3 packages fix arbitrary code execution + d'archives Bugtraq avec SecuMail

Mini-Tagwall de l'annuaire video :

virus, spyware, vmware, firmware, security, malware, lockpicking, biometric, kernel, iphone, windows, adware, password, wimax, botnet, tutorial, phish, linux, symantec, rootkit, knoppix, metasploit, network, attack, server, virtual, internet, jailbreak, notacon, conference, exploit, backtrack, google, wireshark, defcon, hacker, openbsd, intel, ettercap, firewall, source, samsung, reprap, wireless, norton + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, vulnérabilité, windows, vulnerability, network, attack, google, hacker, exploit, inject, internet, remote, server, mobile, malware, apple, iphone, black, patch, sécurité, virus, linux, ebook, conficker, crypt, source, intel, virtual, facebook, access, trojan, twitter, research, firefox, overflow, pirate, phish, vista, cisco, obama, office, local, opera, adobe + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, cisco, linux, defcon, firewall, vmware, metasploit, attack, server, phish, network, twitter, windows, exploit, nessus, backtrack, botnet, inject, crypt, wireshark, vulnerabi, python, acking, iphone, black, source, engineering, google, conficker, social, clouds, vulnerability, podcast, patch, virus, pentest, juniper, hacker, apple, client, proxy, virtual, complianc, apache, javascript + de mots clés avec l'annuaire de la revue Twitter