PT-2008-2540 · Novell · Novell eDirectory
Published: 2008-03-28 · Updated: 2018-10-15 · CVE-2008-0926
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Novell eDirectory versions 8.7.3.9 and earlier
Novell eDirectory versions 8.8.x before 8.8.2
Novell eDirectory version 8.7.3.10
Description
The SOAP interface to the eMBox module relies on client-side authentication. Remote attackers can therefore bypass authentication by making requests for /SOAP URIs, and can then cause a denial of service (daemon shutdown) or read arbitrary files.
Recommendations
For Novell eDirectory versions 8.7.3.9 and earlier, update to a version later than 8.7.3.9 to resolve the issue.
For Novell eDirectory versions 8.8.x before 8.8.2, update to version 8.8.2 or later to resolve the issue.
For Novell eDirectory version 8.7.3.10, consider disabling the SOAP interface to the eMBox module as a temporary workaround until a patch is available.
Weakness Enumeration
Improper Authentication
Affected Products
Novell eDirectory