Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.EDIRECTORY_EMBOX_UNAUTH_ACCESS.NASL
HistoryApr 11, 2008 - 12:00 a.m.

Novell eDirectory eMBox Utility Unauthorized Access

2008-04-1100:00:00
This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
www.tenable.com
13

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.346 Low

EPSS

Percentile

97.1%

JSON

The remote host is running eDirectory, a popular directory service software from Novell.

A vulnerability in the eMBox utility included with the software, may allow an unauthenticated attacker to access local files or cause a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31850);
  script_version("1.18");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  script_cve_id("CVE-2008-0926");
  script_bugtraq_id(28441);
  script_xref(name:"Secunia", value:"29527");

  script_name(english:"Novell eDirectory eMBox Utility Unauthorized Access");
  script_summary(english:"Checks version of eDirectory service embox.nlm");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that may allow
unauthorized access to the system.");
  script_set_attribute(attribute:"description", value:
"The remote host is running eDirectory, a popular directory service
software from Novell.

A vulnerability in the eMBox utility included with the software, may
allow an unauthenticated attacker to access local files or cause a
denial of service condition.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2008/May/54");
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.microfocus.com/kb/doc.php?id=3477912"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade to eDirectory 8.8.2 or rename 'embox.nlm'.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(287);

  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:novell:edirectory");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl");
  script_require_keys("SMB/Registry/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include("smb_func.inc");
include("smb_hotfixes.inc");
include("audit.inc");

if (!get_kb_item("SMB/Registry/Enumerated")) exit(0);

name    =  kb_smb_name();
port    =  kb_smb_transport();
#if (!get_port_state(port)) exit(0);
login   =  kb_smb_login();
pass    =  kb_smb_password();
domain  =  kb_smb_domain();

#soc = open_sock_tcp(port);
#if (!soc) exit(0);

#session_init(socket:soc, hostname:name);
if(!smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');

rc = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if (rc != 1)
{
  NetUseDel();
  exit(0);
}

# Connect to HKLM
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if (isnull(hklm))
{
  NetUseDel();
  exit(0);
}

# Check if NDS is installed
key = NULL;
edir_name = NULL;
edir_path = NULL;

key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NDSonNT";

key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(key_h))
{
  # If eDirectory is installed...
  item = RegQueryValue(handle:key_h, item:"DisplayName");
  if (!isnull(item))
  {
    edir_name = item[1];
  }
  RegCloseKey(handle:key_h);
}

# Get the share where edir is installed.

key = "SYSTEM\CurrentControlSet\Services\NDS Server0";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if (!isnull(key_h))
{
  item = RegQueryValue(handle:key_h, item:"ImagePath");
  if (!isnull(item))
  {
    edir_path = item[1];
    edir_path = str_replace(string:edir_path,find:'"',replace: "");
  }
  RegCloseKey(handle:key_h);
}

RegCloseKey(handle:hklm);

# Exit if eDirectory is not installed.

if ("Novell eDirectory" >!< edir_name || isnull(edir_name) || isnull(edir_path))
{
  NetUseDel();
  exit(0);
}

share  = ereg_replace(pattern:"^([A-Za-z]):.*$", replace:"\1$", string:edir_path);
share2 = ereg_replace(pattern:"\$", replace:":", string:share);
nlm =   "\\novell\\NDS\\embox.dlm";

NetUseDel(close:FALSE);

# Connect to the appropriate share
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
  NetUseDel();
  exit(0);
}

fh = CreateFile(
  file:nlm,
  desired_access:GENERIC_READ,
  file_attributes:FILE_ATTRIBUTE_NORMAL,
  share_mode:FILE_SHARE_READ,
  create_disposition:OPEN_EXISTING
);

ver = NULL;
if (!isnull(fh))
{
  ver = GetFileVersion(handle:fh);
  CloseFile(handle:fh);
}
NetUseDel();

# Check the version number.
if (!isnull(ver))
{
  # Version of eMBox service for eDirectory 8.8 SP2
  fix = split("202.14.4.0", sep:'.', keep:FALSE);
  for (i=0; i<max_index(fix); i++)
    fix[i] = int(fix[i]);

  for (i=0; i<max_index(ver); i++)
    if ((ver[i] < fix[i]))
    {
      if (report_verbosity)
      {
	version = string(ver[0], ".", ver[1], ".", ver[2], ".", ver[3]);
        report = string(
          "\n",
          "Version ", version, " of eMBox.nlm is installed under :\n",
          "\n",
          "  ", share2, "\\novell\\NDS\\embox.dlm\n"
        );
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      break;
    }
    else if (ver[i] > fix[i])
      break;
}
VendorProductVersionCPE
novelledirectorycpe:/a:novell:edirectory

Related

cvelist 2
prion 2
cve 2
seebug 1
nvd 2
nessus 1
securityvulns 1
cvelist
cvelist
CVE-2008-0926
2008-03-28 18:00:00
CVE-2010-0666
2022-10-03 16:21:12
prion
prion
Authentication flaw
2008-03-28 18:44:00
Design/Logic Flaw
2010-02-19 17:30:00
cve
cve
CVE-2008-0926
2008-03-28 18:44:00
CVE-2010-0666
2022-10-03 16:21:12
seebug
seebug
Novell eDirectory eMBoxๅทฅๅ…ทedirutilๅ‘ฝไปค็ป•่ฟ‡่ฎค่ฏๆผๆดž
2008-05-07 00:00:00
nvd
nvd
CVE-2008-0926
2008-03-28 18:44:00
CVE-2010-0666
2010-02-19 17:30:01
nessus
nessus
Novell eDirectory eMBox Utility Unauthorized Access (uncredentialed check)
2008-04-11 00:00:00
securityvulns
securityvulns
Novell eDirectory unauthenticated access to SOAP interface
2008-05-06 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.346 Low

EPSS

Percentile

97.1%

JSON
Related for EDIRECTORY_EMBOX_UNAUTH_ACCESS.NASL
cvelist2prion2cve2seebug1nvd2nessus1securityvulns1