Date: 20 March 2012
References: ESB-2010.0567.2
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2012.0039
A vulnerability has been identified in Novell eDirectory
20 March 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Novell eDirectory
Operating System: Windows
Netware
Linux variants
Solaris
AIX
Impact/Access: Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2010-1929
Member content until: Thursday, April 19 2012
Reference: ESB-2010.0567.2
OVERVIEW
A vulnerability has been identified in Novell eDirectory prior
to version 8.8 SP6 Patch 5.
IMPACT
The vendor has provided the following details regarding this
vulnerability:
"Authenticated buffer overflow in jclient resulting in an iManager
crash (Bug 729659) (CVE-2010-1929)" [1]
MITIGATION
The vendor recommends updating to the latest version to correct
this issue. [1]
REFERENCES
[1] History of Issues Resolved in eDirectory 8.8.x
http://www.novell.com/support/viewContent.do?externalId=3426981
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBT2f9sO4yVqjM2NGpAQIRjQ/+PLB0i+dkyj+Z2WAO+wkeMn8PRtGDZ8EC
0pP+9RIse8lhNwcMC7USqSI0PPue8fwZqBUD7oPxxIfgB7aZ9lq6QxYYXNmMGVAV
g5gFH3AkEjMst/TcRfEL0Z5XQYkWUJoIGnB0aLMkt1qkCGtFx9eMBWJwzUIYLemD
Q0RmCSZB8YJTgKCNmG9U5Q6GYS2kAVmWlaB6XzHeXO2MKfnBJ7xhqAYLzSdTmUzY
2vAEKDl6PtAMLpXbhp2VN1AoknN77af2hQSKWeJCFcpt4FSXL8jwbdTaeB9uEheT
9Cl3bPIHrozknvot0mfhNPaqOQgUWRv3LIs2GVCkv1f2ks00ILhjBdcj3GVL5TZm
+4sfYi+8PGVhmtmxiZNBrFRr+KGQAbsqusqns53FCEyypWuCsAGbiL2Z4HhPhJ5S
coKvBXpMcdJfBbMLuJkZtzuHrOuF/VrolXg44QXouR5RXcZzQdU29VtbuSdaZf7D
xkFmnTWrF6xbRf6u1JPchnNNvifa1es37ZQWAn6fWDDJp9E8CtbrfXuqd7NucDAH
axHNf6noWYDgYGmsOJWJAYhAGE2CjVXSIG8LXkZduSqBsD42MtH1eP9zcp92r6SQ
wxg7kgMYJoH+LAMLrGWU8nrilsB8dp7iCldZoA/ZJwpO/Rsw9C4RPOOjjSpaYMXo
kFbmi5S1dL4=
=Ddvs
-----END PGP SIGNATURE-----
|