Sign-up

ID

VAR-201002-0037


CVE

CVE-2009-4653


TITLE

Novell eDirectory Multiple Remote Vulnerabilities

Trust: 0.9

sources: CNVD: CNVD-2010-1046 // BID: 40541

DESCRIPTION

Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:. Novell eDirectory is a cross-platform directory server. Novell eDirectory has multiple security vulnerabilities that allow malicious users to perform denial of service or control system attacks. - Unexplained errors in NDSD when dealing with malformed verbs can cause an application to crash. - Submit a specially constructed GET request, dhost.exe processing has a boundary error, which can cause a buffer overflow. - Partial security scan operation on the service, Dhost has an unspecified error, which can cause the application to crash. Novell eDirectory is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Novell eDirectory 8.8 SP5 is vulnerable; other versions may also be affected. Novell eDirectory is prone to multiple remote vulnerabilities. These issues affect eDirectory versions prior to 8.8 SP5 Patch 4. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Novell eDirectory Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40041 RELEASE DATE: 2010-06-04 DISCUSS ADVISORY: http://secunia.com/advisories/40041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Novell eDirectory, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. by running a certain security scan against the server. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits ZDI. 2) HACKATTACK 3) Reported by the vendor. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=3426981 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076150.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5076151.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2009-4653 // JVNDB: JVNDB-2009-005276 // CNVD: CNVD-2010-1046 // BID: 37009 // BID: 40541 // PACKETSTORM: 90247

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-1046

AFFECTED PRODUCTS

vendor:novellmodel:edirectoryscope:eqversion:8.8

Trust: 2.2

vendor:novellmodel:edirectoryscope:eqversion:8.8 sp5

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:novellmodel:edirectory sp5scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp4 ftf1scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp4scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp3 ftf3scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp3scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp2scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory sp1scope:eqversion:8.8

Trust: 0.6

vendor:novellmodel:edirectory ftf2scope:eqversion:8.8.2

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.8.2

Trust: 0.3

vendor:novellmodel:edirectoryscope:eqversion:8.8.1

Trust: 0.3

vendor:novellmodel:edirectory sp5 ftf1scope:eqversion:8.8

Trust: 0.3

vendor:novellmodel:edirectory sp5 patchscope:neversion:8.84

Trust: 0.3

sources: CNVD: CNVD-2010-1046 // BID: 37009 // BID: 40541 // JVNDB: JVNDB-2009-005276 // CNNVD: CNNVD-201002-279 // NVD: CVE-2009-4653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4653
value: HIGH

Trust: 1.0

NVD: CVE-2009-4653
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201002-279
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2009-4653
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-005276 // CNNVD: CNNVD-201002-279 // NVD: CVE-2009-4653

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2009-005276 // NVD: CVE-2009-4653

THREAT TYPE

network

Trust: 0.6

sources: BID: 37009 // BID: 40541

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201002-279

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-005276

PATCH
title:7004721url:http://www.novell.com/products/edirectory/
Trust: 0.8
title:Update of Multiple Security Vulnerabilities in Novell eDirectoryurl:https://www.cnvd.org.cn/patchInfo/show/555
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2010-1046 // 
            
            
            
            JVNDB: JVNDB-2009-005276

EXTERNAL IDS
db:NVDid:CVE-2009-4653
Trust: 3.6
db:BIDid:37009
Trust: 1.9
db:JVNDBid:JVNDB-2009-005276
Trust: 0.8
db:SECUNIAid:40041
Trust: 0.7
db:CNVDid:CNVD-2010-1046
Trust: 0.6
db:BUGTRAQid:20091112 NOVELL EDIRECTORY 8.8 SP5 DENIAL OF SERVICE
Trust: 0.6
db:XFid:54264
Trust: 0.6
db:CNNVDid:CNNVD-201002-279
Trust: 0.6
db:BIDid:40541
Trust: 0.3
db:PACKETSTORMid:90247
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-1046 // 
            
            
            
            BID: 37009 // 
            
            
            
            BID: 40541 // 
            
            
            
            JVNDB: JVNDB-2009-005276 // 
            
            
            
            PACKETSTORM: 90247 // 
            
            
            
            CNNVD: CNNVD-201002-279 // 
            
            
            
            NVD: CVE-2009-4653

REFERENCES
url:http://www.securityfocus.com/bid/37009
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54264
Trust: 1.0
url:http://www.securityfocus.com/archive/1/507812/100/0/threaded
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4653
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4653
Trust: 0.8
url:http://secunia.com/advisories/40041/
Trust: 0.7
url:http://www.novell.com/products/edirectory/
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/54264
Trust: 0.6
url:http://www.securityfocus.com/archive/1/archive/1/507812/100/0/threaded
Trust: 0.6
url:http://www.novell.com/support/viewcontent.do?externalid=3426981
Trust: 0.4
url:http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5076150.html
Trust: 0.4
url:http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5076151.html
Trust: 0.4
url:/archive/1/507812
Trust: 0.3
url:http://secunia.com/advisories/40041/#comments
Trust: 0.1
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40041
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/webinars/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-1046 // 
            
            
            
            BID: 37009 // 
            
            
            
            BID: 40541 // 
            
            
            
            JVNDB: JVNDB-2009-005276 // 
            
            
            
            PACKETSTORM: 90247 // 
            
            
            
            CNNVD: CNNVD-201002-279 // 
            
            
            
            NVD: CVE-2009-4653

CREDITS
HACKATTACK IT SECURITY GmbH
Trust: 0.9
sources:
            
            
            BID: 37009 // 
            
            
            
            CNNVD: CNNVD-201002-279

SOURCES
db:CNVDid:CNVD-2010-1046
db:BIDid:37009
db:BIDid:40541
db:JVNDBid:JVNDB-2009-005276
db:PACKETSTORMid:90247
db:CNNVDid:CNNVD-201002-279
db:NVDid:CVE-2009-4653

LAST UPDATE DATE
2024-11-23T22:23:37.788000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-1046date:2010-06-05T00:00:00
db:BIDid:37009date:2015-04-13T21:06:00
db:BIDid:40541date:2010-06-03T16:50:00
db:JVNDBid:JVNDB-2009-005276date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-201002-279date:2010-03-01T00:00:00
db:NVDid:CVE-2009-4653date:2024-11-21T01:10:08.637

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-1046date:2010-06-05T00:00:00
db:BIDid:37009date:2009-11-12T00:00:00
db:BIDid:40541date:2010-05-31T00:00:00
db:JVNDBid:JVNDB-2009-005276date:2012-09-25T00:00:00
db:PACKETSTORMid:90247date:2010-06-03T08:21:39
db:CNNVDid:CNNVD-201002-279date:2009-11-12T00:00:00
db:NVDid:CVE-2009-4653date:2010-02-26T18:30:00.367