CVE Vulnerabilities

CVE-2008-0926

Improper Authentication

Published: Mar 28, 2008 | Modified: Oct 15, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Edirectory Novell 8.5 8.5
Edirectory Novell 8.5.12a 8.5.12a
Edirectory Novell 8.5.27 8.5.27
Edirectory Novell 8.6.2 8.6.2
Edirectory Novell 8.7 8.7
Edirectory Novell 8.7.1 8.7.1
Edirectory Novell 8.7.1 8.7.1
Edirectory Novell 8.7.3 8.7.3
Edirectory Novell 8.7.3.8 8.7.3.8
Edirectory Novell 8.7.3.8_presp9 8.7.3.8_presp9
Edirectory Novell 8.7.3.9 8.7.3.9
Edirectory Novell * 8.7.3.10
Edirectory Novell 8.8 8.8

Potential Mitigations

References