Environment
Novell eDirectory 8.8.2 and prior for Solaris
Novell eDirectory 8.8.2 and prior for Linux
Novell eDirectory 8.8.2 and prior for Windows 2003
Novell eDirectory 8.8.2 and prior for Windows 2000
Novell eDirectory 8.7.3.9 and prior for Solaris
Novell eDirectory 8.7.3.9 and prior for Linux
Novell eDirectory 8.7.3.9 and prior for Windows 2000
Novell eDirectory 8.7.3.9 and prior for Windows 2003
Situation
Error messages of the HTTP stack for iMonitor can be used to launch
XSS attacks on the users of the iMonitor interface.
Resolution
For eDirectory 8.8.X:
Upgrade eDir 8.8 to eDir 8.8.2 and apply eDir 8.8.2 ftf2
For eDirectory 8.7.3.X
Upgrade eDir 8.7.3 to eDir 8.7.3 sp10
Upgrade eDir 8.8 to eDir 8.8.2 and apply eDir 8.8.2 ftf2
For eDirectory 8.7.3.X
Upgrade eDir 8.7.3 to eDir 8.7.3 sp10
Status
Reported to EngineeringSecurity Alert
Additional Information
This vulnerability was reported by Nicholas Gregorie
CVE-2008-0925
CVE-2008-0925