Описание
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-0926
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41426
- https://secure-support.novell.com/KanisaPlatform/Publishing/876/3866911_f.SAL_Public.html
- http://secunia.com/advisories/29527
- http://www.securityfocus.com/archive/1/491621/100/0/threaded
- http://www.securityfocus.com/bid/28441
- http://www.securitytracker.com/id?1019691
- http://www.vupen.com/english/advisories/2008/0988/references
Связанные уязвимости
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.