|
[ Message Precedent sur la mailing][ Message Suivant sur la mailing][ Precedent dans le fil][ Prochain dans le fil][ Index par Date][ Index par fil]
[SA34160] Novell eDirectory Multiple Vulnerabilities
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability
intelligence source on the market.
Implement it through Secunia.
For more information visit:
link://[click]
Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@xxxxxxxxxxx
TITLE:
Novell eDirectory Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34160
VERIFY ADVISORY:
link://[click]
DESCRIPTION:
Some vulnerabilities have been reported in Novell eDirectory, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
1) An off-by-one error exists in the iMonitor component when
processing HTTP requests. This can be exploited to cause a
stack-based buffer overflow and crash an affected server via an HTTP
request having a specially crafted "Accept-Language" header.
The vulnerability is confirmed in versions 8.8 SP3 and 8.8 SP3 FTF3.
Other versions may also be affected.
2) An unspecified error when using multiple wild cards in RDNs can
potentially be exploited to crash ndsd.
3) An unspecified error in the processing of LDAP packets can be
exploited to cause a crash.
SOLUTION:
Update to version 8.8 SP5.
PROVIDED AND/OR DISCOVERED BY:
1) Alin Rad Pop, Secunia Research
2, 3) Reported by the vendor.
ORIGINAL ADVISORY:
Secunia Research:
link://[click]
Novell:
link://[click]
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
link://[click]
Definitions: (Criticality, Where etc.)
link://[click]
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure
Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|