Environment
NetIQ eDirectory 8.8 SP6 Patch 7
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux
Situation
When running a Nessus scan against a fully patched OES2SP3 the following vulnerabilities are reported:
Plugin information:
63338 - Novell eDirectory 8.8.x Multiple Security Vulnerabilities
Synopsis
Synopsis
The remote directory service is affected by multiple vulnerabilities.
Description
Description
The remote host is running eDirectory, a directory service software from
Novell. The installed version of Novell eDirectory is affected by multiple
issues :
Novell. The installed version of Novell eDirectory is affected by multiple
issues :
- An unspecified cross-site scripting flaw exists.
(CVE-2012-0428)
(CVE-2012-0428)
- It is possible to trigger a remote denial of service vulnerability by sending
a malformed HTTP request. (CVE-2012-0429)
a malformed HTTP request. (CVE-2012-0429)
- An unspecified flaw may allow a remote attacker to gain access to
administrator cookie information. (CVE-2012-0430)
administrator cookie information. (CVE-2012-0430)
- There is an unspecified stack-based buffer overflow in the Novell NCP
implementation in eDirectory that has unspecified impact. (CVE-2012-0432)
implementation in eDirectory that has unspecified impact. (CVE-2012-0432)
Resolution
The vulnerabilties reported have already been fixed in this eDirectory version. There is a problem with the latest Nessus plugin, (edirectory_88sp7_patch2.nasl), in how in determines the eDirectory version. The plugin performs a rootDSE search and examines the "vendorVersion" attribute. It then performs the following check:
if (isnull(build_major) || int(build_major) <= 20608)
The correct check would be:
if (isnull(build_major) || int(build_major) < 20608)
if (isnull(build_major) || int(build_major) < 20608)
Update: it has been reported that this issue has been fixed in the latest release to the Nessus plugin feed.