N/A

The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.

N/A

N/A

Novell eDirectory eMBox工具edirutil命令绕过认证漏洞

Novell eDirectory是一个的跨平台的目录服务器。 Novell eDirectory处理访问认证时存在漏洞，远程攻击者可能利用此漏洞获取非授权访问。 可通过/SOAP URL使用Novell eDirectory的eMBox工具的SOAP接口，通常是通过命令行客户端edirutil.exe使用的。默认下未经认证的攻击者可以利用这个工具获得完全的DN、修改日志文件名称、读取日志文件内容，或停止和启动eDirectory组件。此外攻击者还可以通过其他命令将数据库备份到文件，结合read_logs

N/A

N/A