{"openvas": [{"lastseen": "2017-09-29T14:09:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5094"], "description": "This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.", "modified": "2017-09-26T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:800136", "href": "http://plugins.openvas.org/nasl.php?oid=800136", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_novell_edir_mult_vuln_nov08_lin.nasl 7277 2017-09-26 12:45:58Z cfischer $\n#\n# Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote code execution on the target\n machines or can allow disclosure of potentially sensitive information or\n can cause denial of service condition.\n Impact Level: Application\";\ntag_affected = \"Novell eDirectory 8.8 SP2 and prior on Linux.\";\ntag_insight = \"The flaws are due to\n - boundary error in LDAP and NDS services.\n - boundary error in HTTP language header and HTTP content-length header.\n - HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from\n user-supplied input.\";\ntag_solution = \"Update to 8.8 Service Pack 3.\n http://support.novell.com/patches.html\";\ntag_summary = \"This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.\";\n\nif(description)\n{\n script_id(800136);\n script_version(\"$Revision: 7277 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-26 14:45:58 +0200 (Tue, 26 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\");\n script_bugtraq_id(30947);\n script_name(\"Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name : \"URL\" , value : \"http://www.novell.com/support/viewContent.do?externalId=3426981\");\n script_xref(name : \"URL\" , value : \"http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_mandatory_keys(\"login/SSH/success\");\n script_dependencies(\"ssh_authorization.nasl\");\n script_require_ports(8028, 8030);\n\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nport = 8028;\nif(!get_port_state(port))\n{\n port = 8030;\n if(!get_port_state(port)){\n exit(0);\n }\n}\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\neDirVer = get_bin_version(full_prog_name:\"ndsd\", version_argv:\"--version\",\n ver_pattern:\"Novell eDirectory ([0-9.]+ (SP[0-9]+)?)\", sock:sock);\nif(eDirVer != NULL)\n{\n eDirVer = ereg_replace(pattern:\" \", string: eDirVer[1], replace:\".\");\n if(version_is_less(version:eDirVer, test_version:\"8.8.SP3\")){\n security_message(port);\n }\n}\nssh_close_connection();\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5094"], "description": "This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:800135", "href": "http://plugins.openvas.org/nasl.php?oid=800135", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_novell_edir_mult_vuln_nov08_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote code execution on the target\n machines or can allow disclosure of potentially sensitive information\n or can cause denial of service.\n Impact Level: Application\";\ntag_affected = \"Novell eDirectory 8.8 SP2 and prior on Windows.\";\ntag_insight = \"The flaws are due to\n - boundary error in LDAP and NDS services.\n - boundary error in HTTP language header and HTTP content-length header.\n - HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from\n user-supplied input.\";\ntag_solution = \"Update to 8.8 Service Pack 3.\n http://support.novell.com/patches.html\";\ntag_summary = \"This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.\";\n\nif(description)\n{\n script_id(800135);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\");\n script_bugtraq_id(30947);\n script_name(\"Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name : \"URL\" , value : \"http://www.novell.com/support/viewContent.do?externalId=3426981\");\n script_xref(name : \"URL\" , value : \"http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nport = 8028;\nif(!get_port_state(port))\n{\n port = 8030;\n if(!get_port_state(port)){\n exit(0);\n }\n}\n\neDirVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\Uninstall\\NDSonNT\", item:\"DisplayName\");\neDirVer = eregmatch(pattern:\"Novell eDirectory ([0-9.]+ (SP[0-9]+)?)\",\n string:eDirVer);\nif(eDirVer != NULL)\n{\n eDirVer = ereg_replace(pattern:\" \", string: eDirVer[1], replace:\".\");\n if(version_is_less(version:eDirVer, test_version:\"8.8.SP3\")){\n security_message(port);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5094"], "description": "This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.", "modified": "2018-12-10T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:1361412562310800136", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800136", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_novell_edir_mult_vuln_nov08_lin.nasl 12741 2018-12-10 12:18:00Z cfischer $\n#\n# Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:novell:edirectory\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800136\");\n script_version(\"$Revision: 12741 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-10 13:18:00 +0100 (Mon, 10 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\");\n script_bugtraq_id(30947);\n script_name(\"Novell eDirectory Multiple Vulnerabilities Nov08 - (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_novell_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Novell/eDir/Lin/Ver\");\n\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name:\"URL\", value:\"http://www.novell.com/support/viewContent.do?externalId=3426981\");\n script_xref(name:\"URL\", value:\"http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt\");\n script_xref(name:\"URL\", value:\"http://support.novell.com/patches.html\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote code execution on the target\n machines or can allow disclosure of potentially sensitive information or\n can cause denial of service condition.\");\n\n script_tag(name:\"affected\", value:\"Novell eDirectory 8.8 SP2 and prior on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to\n\n - boundary error in LDAP and NDS services.\n\n - boundary error in HTTP language header and HTTP content-length header.\n\n - HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from\n user-supplied input.\");\n\n script_tag(name:\"solution\", value:\"Update to 8.8 Service Pack 3.\");\n\n script_tag(name:\"summary\", value:\"This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"8.8.SP3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"8.8.SP3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5094"], "description": "This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.", "modified": "2018-11-30T00:00:00", "published": "2008-11-21T00:00:00", "id": "OPENVAS:1361412562310800135", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800135", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_novell_edir_mult_vuln_nov08_win.nasl 12602 2018-11-30 14:36:58Z cfischer $\n#\n# Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800135\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-11-21 14:18:03 +0100 (Fri, 21 Nov 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\");\n script_bugtraq_id(30947);\n script_name(\"Novell eDirectory Multiple Vulnerabilities Nov08 - (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name:\"URL\", value:\"http://www.novell.com/support/viewContent.do?externalId=3426981\");\n script_xref(name:\"URL\", value:\"http://www.novell.com/documentation/edir873/sp10_readme/netware/readme.txt\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote code execution on the target\n machines or can allow disclosure of potentially sensitive information or can cause denial of service.\");\n\n script_tag(name:\"affected\", value:\"Novell eDirectory 8.8 SP2 and prior on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to,\n\n - boundary error in LDAP and NDS services.\n\n - boundary error in HTTP language header and HTTP content-length header.\n\n - HTTP protocol stack(HTTPSTK) that does not properly filter HTML code from\n user-supplied input.\");\n\n script_tag(name:\"solution\", value:\"Update to 8.8 Service Pack 3.\");\n\n script_tag(name:\"summary\", value:\"This host is running Novell eDirectory and is prone to Multiple\n Vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"version_func.inc\");\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\NDSonNT\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\neDirVer = registry_get_sz(key:key, item:\"DisplayName\");\neDirVer = eregmatch(pattern:\"Novell eDirectory ([0-9.]+ (SP[0-9]+)?)\", string:eDirVer);\nif(!isnull(eDirVer))\n{\n eDirVer = ereg_replace(pattern:\" \", string: eDirVer[1], replace:\".\");\n if(version_is_less(version:eDirVer, test_version:\"8.8.SP3\")){\n report = report_fixed_ver(installed_version:eDirVer, fixed_version:\"8.8.SP3\");\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-11-21T11:05:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5095", "CVE-2008-5094"], "description": "This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.", "modified": "2017-11-20T00:00:00", "published": "2008-09-02T00:00:00", "id": "OPENVAS:900210", "href": "http://plugins.openvas.org/nasl.php?oid=900210", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_novell_edir_mult_vuln_linux_900210.nasl 7823 2017-11-20 08:54:04Z cfischer $\n# Description: Novell eDirectory Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful Remote exploitation will allow execution of\n arbitrary code, heap-based buffer overflow, Cross Site Scripting \n attacks, or cause memory corruption.\n Impact Level : System\";\n\ntag_solution = \"Apply 8.8 Service Pack 3.\n http://download.novell.com/Download?buildid=RH_B5b3M6EQ~\";\n\ntag_affected = \"Novell eDirectory 8.8 SP2 and prior versions on Linux (All).\";\n\ntag_insight = \"Multiple flaw are due to,\n - errors in HTTP Protocol Stack that can be exploited to cause heap\n based buffer overflow via a specially crafted language/content-length\n headers.\n - input passed via unspecified parameters to the HTTP Protocol Stack is\n not properly sanitzed before being returned to the user.\n - Multiple unknown error exist in LDAP and NDS services.\";\n\n\ntag_summary = \"This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.\";\n\n\nif(description)\n{\n script_id(900210);\n script_version(\"$Revision: 7823 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-20 09:54:04 +0100 (Mon, 20 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-02 16:25:07 +0200 (Tue, 02 Sep 2008)\");\n script_cve_id(\"CVE-2008-5091\",\"CVE-2008-5092\",\"CVE-2008-5093\",\"CVE-2008-5094\",\"CVE-2008-5095\");\n script_bugtraq_id(30947);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"Buffer overflow\");\n script_name(\"Novell eDirectory Multiple Vulnerabilities (Linux)\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/31684\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\n\n sock = ssh_login_or_reuse_connection();\n if(!sock){\n \texit(0);\n }\n\n output = ssh_cmd(socket:sock, cmd:\"ndsd --version\", timeout:120);\n if(\"Novell eDirectory\" >!< output)\n {\n output = ssh_cmd(socket:sock, timeout:120,\n\t\t\t cmd:\"/opt/novell/eDirectory/sbin/ndsd --version\");\n }\n\n ssh_close_connection();\n\n if(\"Novell eDirectory\" >!< output){\n exit(0);\n }\n\n if(!(egrep(pattern:\"^Novell eDirectory ([0-7]\\..*|8\\.[0-7]( .*)?|8\\.8( SP[0-2])?)[^.0-9]\",\n string:output))){\n exit(0);\n }\n\n rpmList = get_kb_list(\"ssh/login/rpms\");\n foreach rpm (rpmList)\n {\n if((egrep(pattern:\"^novell-AUDTedirinst~(9\\.|8\\.9\\.|8.8.3|[1-9][0-9]+\\.)\",\n string:rpm))){\n exit(0);\n }\n }\n security_message(port:0);\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5095", "CVE-2008-5094"], "description": "This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-09-02T00:00:00", "id": "OPENVAS:900209", "href": "http://plugins.openvas.org/nasl.php?oid=900209", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities (Windows)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_novell_edir_mult_vuln_win_900209.nasl 5370 2017-02-20 15:24:26Z cfi $\n# Description: Novell eDirectory Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\ntag_impact = \"Successful Remote exploitation will allow execution of\n arbitrary code, heap-based buffer overflow, Cross Site Scripting \n attacks, or cause memory corruption.\n Impact Level : System\";\n\ntag_solution = \"Apply 8.8 Service Pack 3.\n http://download.novell.com/Download?buildid=RH_B5b3M6EQ~\";\n\ntag_affected = \"Novell eDirectory 8.8 SP2 and prior versions on Windows 2000/2003.\";\n\ntag_insight = \"Multiple flaw are due to,\n - errors in HTTP Protocol Stack that can be exploited to cause heap\n based buffer overflow via a specially crafted language/content-length\n headers.\n - input passed via unspecified parameters to the HTTP Protocol Stack is\n not properly sanitzed before being returned to the user.\n - Multiple unknown error exist in LDAP and NDS services.\";\n\n\ntag_summary = \"This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.\";\n\n\nif(description)\n{\n script_id(900209);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-02 16:25:07 +0200 (Tue, 02 Sep 2008)\");\n script_cve_id(\"CVE-2008-5091\",\"CVE-2008-5092\",\"CVE-2008-5093\",\"CVE-2008-5094\",\"CVE-2008-5095\");\n script_bugtraq_id(30947);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"General\");\n script_name(\"Novell eDirectory Multiple Vulnerabilities (Windows)\");\n\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445, 8028, 8030);\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/31684\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\n include(\"smb_nt.inc\");\n\n if(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n }\n\n port = 8028;\n if(!get_port_state(port))\n {\n \tport = 8030;\n \tif(!get_port_state(port)){\n \texit(0);\n\t}\n }\n\n eDirVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\Uninstall\\NDSonNT\", item:\"DisplayName\");\n if(!eDirVer){\n\texit(0);\n }\n\n # Grep for Novell eDirectory Version < 8.8 SP2 \n if(!(egrep(pattern:\"^Novell eDirectory ([0-7]\\..*|8\\.[0-7]( .*)?|8\\.8( SP[0-2])?)$\",\n string:eDirVer))){\n exit(0);\n }\n\n eDirPath = registry_get_sz(key:\"SOFTWARE\\NOVELL\\NDS\\NDSSNMPAgent\" + \n \"\\CurrentVersion\", item:\"Pathname\");\n if(!eDirPath){\n exit(0);\n }\n\n eDirPath = eDirPath - \"ndssnmpsa.dll\";\n\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:eDirPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:eDirPath + \n \"nauditds.dlm \");\n\n name = kb_smb_name();\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = kb_smb_domain();\n port = kb_smb_transport();\n\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n r = smb_session_request(soc:soc, remote:name);\n if(!r){\n close(soc);\n exit(0);\n }\n\n prot = smb_neg_prot(soc:soc);\n if(!prot){\n close(soc);\n exit(0);\n }\n\n r = smb_session_setup(soc:soc, login:login, password:pass,\n domain:domain, prot:prot);\n if(!r){\n close(soc);\n exit(0);\n }\n\n uid = session_extract_uid(reply:r);\n if(!uid){\n close(soc);\n exit(0);\n }\n\n r = smb_tconx(soc:soc, name:name, uid:uid, share:share);\n if(!r){\n close(soc);\n exit(0);\n }\n\n tid = tconx_extract_tid(reply:r);\n if(!tid){\n close(soc);\n exit(0);\n }\n\n fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);\n if(!fid){\n close(soc);\n exit(0);\n }\n\n # Check for patch (By file size).\n fsize = smb_get_file_size(socket:soc, uid:uid, tid:tid, fid:fid);\n close(soc);\n\n if(!fsize){\n\texit(0);\n }\n\n if(fsize < 110592){\n security_message(0);\n }\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5095", "CVE-2008-5094"], "description": "This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.", "modified": "2018-12-10T00:00:00", "published": "2008-09-02T00:00:00", "id": "OPENVAS:1361412562310900210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900210", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_novell_edir_mult_vuln_linux_900210.nasl 12741 2018-12-10 12:18:00Z cfischer $\n# Description: Novell eDirectory Multiple Vulnerabilities (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nCPE = \"cpe:/a:novell:edirectory\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900210\");\n script_version(\"$Revision: 12741 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-10 13:18:00 +0100 (Mon, 10 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-02 16:25:07 +0200 (Tue, 02 Sep 2008)\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\", \"CVE-2008-5095\");\n script_bugtraq_id(30947);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Buffer overflow\");\n script_name(\"Novell eDirectory Multiple Vulnerabilities (Linux)\");\n script_dependencies(\"secpod_novell_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Novell/eDir/Lin/Ver\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31684\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name:\"URL\", value:\"http://download.novell.com/Download?buildid=RH_B5b3M6EQ~\");\n\n script_tag(name:\"summary\", value:\"This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw are due to,\n\n - errors in HTTP Protocol Stack that can be exploited to cause heap\n based buffer overflow via a specially crafted language/content-length headers.\n\n - input passed via unspecified parameters to the HTTP Protocol Stack is\n not properly sanitzed before being returned to the user.\n\n - Multiple unknown error exist in LDAP and NDS services.\");\n\n script_tag(name:\"affected\", value:\"Novell eDirectory 8.8 SP2 and prior versions on Linux (All).\");\n\n script_tag(name:\"solution\", value:\"Apply 8.8 Service Pack 3.\");\n\n script_tag(name:\"impact\", value:\"Successful Remote exploitation will allow execution of\n arbitrary code, heap-based buffer overflow, Cross Site Scripting attacks, or cause memory corruption.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! infos = get_app_version_and_location( cpe:CPE, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos['version'];\npath = infos['location'];\n\nif( version_is_less( version:vers, test_version:\"8.8.SP2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"8.8.SP3\", install_path:path );\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:40:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5095", "CVE-2008-5094"], "description": "This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.", "modified": "2018-11-30T00:00:00", "published": "2008-09-02T00:00:00", "id": "OPENVAS:1361412562310900209", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900209", "type": "openvas", "title": "Novell eDirectory Multiple Vulnerabilities (Windows)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_novell_edir_mult_vuln_win_900209.nasl 12602 2018-11-30 14:36:58Z cfischer $\n# Description: Novell eDirectory Multiple Vulnerabilities (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n##############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900209\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-02 16:25:07 +0200 (Tue, 02 Sep 2008)\");\n script_cve_id(\"CVE-2008-5091\", \"CVE-2008-5092\", \"CVE-2008-5093\", \"CVE-2008-5094\", \"CVE-2008-5095\");\n script_bugtraq_id(30947);\n script_copyright(\"Copyright (C) 2008 SecPod\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_family(\"General\");\n script_name(\"Novell eDirectory Multiple Vulnerabilities (Windows)\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/31684\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020788.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020787.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020786.html\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2008/Aug/1020785.html\");\n script_xref(name:\"URL\", value:\"http://download.novell.com/Download?buildid=RH_B5b3M6EQ~\");\n\n script_tag(name:\"summary\", value:\"This host is running Novell eDirectory, which is prone to XSS,\n Denial of Service, and Remote Code Execution Vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaw are due to,\n\n - errors in HTTP Protocol Stack that can be exploited to cause heap\n based buffer overflow via a specially crafted language/content-length headers.\n\n - input passed via unspecified parameters to the HTTP Protocol Stack is\n not properly sanitzed before being returned to the user.\n\n - Multiple unknown error exist in LDAP and NDS services.\");\n\n script_tag(name:\"affected\", value:\"Novell eDirectory 8.8 SP2 and prior versions on Windows 2000/2003.\");\n\n script_tag(name:\"solution\", value:\"Apply 8.8 Service Pack 3.\");\n\n script_tag(name:\"impact\", value:\"Successful Remote exploitation will allow execution of\n arbitrary code, heap-based buffer overflow, Cross Site Scripting\n attacks, or cause memory corruption.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\n include(\"smb_nt.inc\");\n\n if(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n }\n\n eDirVer = registry_get_sz(key:\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\" +\n \"\\Uninstall\\NDSonNT\", item:\"DisplayName\");\n if(!eDirVer){\n\texit(0);\n }\n\n if(!(egrep(pattern:\"^Novell eDirectory ([0-7]\\..*|8\\.[0-7]( .*)?|8\\.8( SP[0-2])?)$\",\n string:eDirVer))){\n exit(0);\n }\n\n eDirPath = registry_get_sz(key:\"SOFTWARE\\NOVELL\\NDS\\NDSSNMPAgent\" +\n \"\\CurrentVersion\", item:\"Pathname\");\n if(!eDirPath){\n exit(0);\n }\n\n eDirPath = eDirPath - \"ndssnmpsa.dll\";\n\n share = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:eDirPath);\n file = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:eDirPath +\n \"nauditds.dlm \");\n\n name = kb_smb_name();\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = kb_smb_domain();\n port = kb_smb_transport();\n\n soc = open_sock_tcp(port);\n if(!soc){\n exit(0);\n }\n\n r = smb_session_request(soc:soc, remote:name);\n if(!r){\n close(soc);\n exit(0);\n }\n\n prot = smb_neg_prot(soc:soc);\n if(!prot){\n close(soc);\n exit(0);\n }\n\n r = smb_session_setup(soc:soc, login:login, password:pass,\n domain:domain, prot:prot);\n if(!r){\n close(soc);\n exit(0);\n }\n\n uid = session_extract_uid(reply:r);\n if(!uid){\n close(soc);\n exit(0);\n }\n\n r = smb_tconx(soc:soc, name:name, uid:uid, share:share);\n if(!r){\n close(soc);\n exit(0);\n }\n\n tid = tconx_extract_tid(reply:r);\n if(!tid){\n close(soc);\n exit(0);\n }\n\n fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);\n if(!fid){\n close(soc);\n exit(0);\n }\n\n fsize = smb_get_file_size(socket:soc, uid:uid, tid:tid, fid:fid);\n close(soc);\n\n if(!fsize){\n\texit(0);\n }\n\n if(fsize < 110592){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-01T01:57:30", "description": "The remote host is running eDirectory, a directory service software\nfrom Novell. The installed version of Novell eDirectory is affected\nby multiple issues :\n\n - NDS module is affected by a heap overflow vulnerability \n (Bugs 396819 and 396817).\n\n - Windows installs of eDirectory NDS module are affected \n by a remote memory corruption vulnerability (Bug 373852).\n\n - LDAP module is affected by a buffer overflow \n vulnerability (Bug 373853).\n\n - Windows installs of eDirectory LDAP module are affected\n by a memory corruption DoS (Bug 359982).\n\n - HTTPSTK is affected by two heap overflow vulnerabilities \n affecting 'Language' and 'Content Length' headers in \n HTTPSTK (Bugs 379882 and 379880).\n\n - HTTPSTK is also affected by a cross-site scripting \n vulnerability (Bug 387429).", "edition": 26, "published": "2008-09-16T00:00:00", "title": "Novell eDirectory < 8.8 SP3 Multiple Vulnerabilities (OF, XSS, MC)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5092", "CVE-2008-5093", "CVE-2008-5091", "CVE-2008-5095", "CVE-2008-5094"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:novell:edirectory"], "id": "EDIRECTORY_88SP3_MULTIPLE_VULNS.NASL", "href": "https://www.tenable.com/plugins/nessus/34221", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(34221);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:23\");\n\n script_cve_id(\n \"CVE-2008-5091\",\n \"CVE-2008-5092\",\n \"CVE-2008-5093\",\n \"CVE-2008-5094\",\n \"CVE-2008-5095\"\n );\n script_bugtraq_id(30947);\n script_xref(name:\"Secunia\", value:\"31684\");\n\n script_name(english:\"Novell eDirectory < 8.8 SP3 Multiple Vulnerabilities (OF, XSS, MC)\");\n script_summary(english:\"Checks version of eDirectory from an LDAP search\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote directory service is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running eDirectory, a directory service software\nfrom Novell. The installed version of Novell eDirectory is affected\nby multiple issues :\n\n - NDS module is affected by a heap overflow vulnerability \n (Bugs 396819 and 396817).\n\n - Windows installs of eDirectory NDS module are affected \n by a remote memory corruption vulnerability (Bug 373852).\n\n - LDAP module is affected by a buffer overflow \n vulnerability (Bug 373853).\n\n - Windows installs of eDirectory LDAP module are affected\n by a memory corruption DoS (Bug 359982).\n\n - HTTPSTK is affected by two heap overflow vulnerabilities \n affecting 'Language' and 'Content Length' headers in \n HTTPSTK (Bugs 379882 and 379880).\n\n - HTTPSTK is also affected by a cross-site scripting \n vulnerability (Bug 387429).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microfocus.com/kb/doc.php?id=3426981\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to eDirectory 8.8 SP3 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 119);\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/09/16\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:novell:edirectory\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ldap_search.nasl\");\n script_require_ports(\"Services/ldap\", 389);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nldap_port = get_service(svc:\"ldap\", default:389, exit_on_fail:TRUE);\n\nedir_ldap = get_kb_item_or_exit('LDAP/'+ldap_port+'/vendorVersion');\nif (\"Novell eDirectory\" >!< edir_ldap) \n audit(AUDIT_NOT_LISTEN, 'eDirectory', ldap_port);\n\nedir_product = edir_ldap - 'LDAP Agent for ';\n\n# LDAP Agent for Novell eDirectory 8.7.3.10 (10555.95)\n# LDAP Agent for Novell eDirectory 8.7.3 (10552.72)\n# LDAP Agent for Novell eDirectory 8.8 (20114.35) \n# LDAP Agent for Novell eDirectory 8.8 SP1 (20114.57) # unpatched\n# LDAP Agent for Novell eDirectory 8.8 SP2 (20216.46) # unpatched\n# LDAP Agent for Novell eDirectory 8.8 SP3 (20216.73) # patched\n\nif (\n ereg(pattern:\"^LDAP Agent for Novell eDirectory ([0-7]\\.|8\\.[0-6]([^0-9]|$))\",string:edir_ldap) \t ||\n ereg(pattern:\"^LDAP Agent for Novell eDirectory 8.8 *SP[12] *\\(([0-9]+)\\.([0-9]+)\\)$\",string:edir_ldap) ||\n ereg(pattern:\"^LDAP Agent for Novell eDirectory 8.8 *\\(([0-9]+)\\.([0-9]+)\\)$\",string:edir_ldap)\n)\n{ \n set_kb_item(name:'www/0/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n edir_product = strstr(edir_ldap,\"Novell eDirectory\");\n edir_product = edir_product - strstr(edir_product , \"(\");\n\n report = string(\n \"\\n\",\n \" \",edir_product,\" is installed on the remote host.\\n\"\n );\n security_hole(port:ldap_port, extra:report);\n }\n else security_hole(ldap_port); \n exit(0);\n} \nelse audit(AUDIT_LISTEN_NOT_VULN, edir_product, ldap_port);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
