Environment
Novell eDirectory 8.7.3.10 for All Platforms
Novell eDirectory 8.8 for All Platforms
Situation
The specific flaw exists within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a
denial of service.
denial of service.
Resolution
This vulnerability is resolved in eDirectory 8.8.5 patch 3 or newer.
For eDirectory 8.8.X:
Apply eDirectory 8.8.5 patch 3 or newer version available by download at https://dl.netiq.com
For eDirectory 8.7.3.X:
Option 1: Upgrade to 8.8.5 patch 3
Option 2: DIsable eMBox on the server.
Linux/Unix:
Modify the /usr/lib/nds-modules/ndsmodules.conf file and comment out the embox module to prevent ndsd from auto loading the module.
Rename the /usr/lib/nds-modules/libembox.so* files so that the modules can't be loaded.
EX: mv /usr/lib/nds-modules/libembox.so /usr/lib/nds-modules/libembox.so.bak; mv /usr/lib/nds-modules/libembox.so.1.0 /usr/lib/nds-modules/libembox.so.1.0-bak
Windows:
Stop the embox.dlm in the Novell eDirectory Services under Control Panel.
Rename or move the c:\novell\nds\embox.dlm.
EX: Rename c:\novell\nds\embox.dlm to embox.bak
NetWare:
Unload embox.nlm
Rename or move the SYS:\SYSTEM\embox.nlm
EX: Rename SYS:\SYSTEM\EMBOX.NLM to EMBOX.OLD
Modify the SYS:\SYSTEM\AUTOEXEC.NCF to make sure embox.nlm isn't being loaded.
For eDirectory 8.8.X:
Apply eDirectory 8.8.5 patch 3 or newer version available by download at https://dl.netiq.com
For eDirectory 8.7.3.X:
Option 1: Upgrade to 8.8.5 patch 3
Option 2: DIsable eMBox on the server.
Linux/Unix:
Modify the /usr/lib/nds-modules/ndsmodules.conf file and comment out the embox module to prevent ndsd from auto loading the module.
Rename the /usr/lib/nds-modules/libembox.so* files so that the modules can't be loaded.
EX: mv /usr/lib/nds-modules/libembox.so /usr/lib/nds-modules/libembox.so.bak; mv /usr/lib/nds-modules/libembox.so.1.0 /usr/lib/nds-modules/libembox.so.1.0-bak
Windows:
Stop the embox.dlm in the Novell eDirectory Services under Control Panel.
Rename or move the c:\novell\nds\embox.dlm.
EX: Rename c:\novell\nds\embox.dlm to embox.bak
NetWare:
Unload embox.nlm
Rename or move the SYS:\SYSTEM\embox.nlm
EX: Rename SYS:\SYSTEM\EMBOX.NLM to EMBOX.OLD
Modify the SYS:\SYSTEM\AUTOEXEC.NCF to make sure embox.nlm isn't being loaded.
Additional Information
This vulnerability was reported by TippingPoint, The Zero Day Initiative ZDI
This vulnerability was discovered by: * 1c239c43f521145fa8385d64a9c32243
This vulnerability was discovered by: * 1c239c43f521145fa8385d64a9c32243