Nessus scan reports security vulnerabilities in eDirectory 8.8 SP6 Patch 7

  • 7011656
  • 17-Jan-2013
  • 25-Mar-2013

Environment

NetIQ eDirectory 8.8 SP6 Patch 7
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 3
Novell Open Enterprise Server 11 (OES 11) Linux

Situation

When running a Nessus scan against a fully patched OES2SP3 the following vulnerabilities are reported:
 
Plugin information:
 
63338 - Novell eDirectory 8.8.x Multiple Security Vulnerabilities    
Synopsis
 
The remote directory service is affected by multiple vulnerabilities.
Description
 
The remote host is running eDirectory, a directory service software from
Novell. The installed version of Novell eDirectory is affected by multiple
issues :
 
- An unspecified cross-site scripting flaw exists.
(CVE-2012-0428)
 
- It is possible to trigger a remote denial of service vulnerability by sending
a malformed HTTP request. (CVE-2012-0429)
- An unspecified flaw may allow a remote attacker to gain access to
administrator cookie information. (CVE-2012-0430)
 
- There is an unspecified stack-based buffer overflow in the Novell NCP
implementation in eDirectory that has unspecified impact. (CVE-2012-0432)

Resolution

The vulnerabilties reported have already been fixed in this eDirectory version.  There is a problem with the latest Nessus plugin, (edirectory_88sp7_patch2.nasl), in how in determines the eDirectory version.  The plugin performs a rootDSE search and examines the "vendorVersion" attribute.  It then performs the following check:
 
if (isnull(build_major) || int(build_major) <= 20608)
 
The correct check would be:
if (isnull(build_major) || int(build_major) < 20608)
 
Update: it has been reported that this issue has been fixed in the latest release to the Nessus plugin feed.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.