Vendor: Edirectory 8.8 SP5
By: Francis Provencher
CVSS: 8.8 (HIGH)
CWE: 79 (XSS)
Product Name: Edirectory 8.8 SP5
Affected Version From: 202.19.15.0
Affected Version To: 202.19.15.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2003 Server
2009
(PRL-2009-08)
Novell Directory Services is a hierarchical, object-oriented database that represents all the assets in an organization in a logical tree. Assets can include people, positions, servers, workstations, applications, printers, services, groups, etc. The use of dynamic rights inheritance and equivalence allows both global and fine-grained access controls to be implemented efficiently. Access rights between objects in the tree are determined at the time of the request by the rights assigned to the objects by virtue of their location in the tree, any security equivalences, and individual assignment. Proof-of-concept DoS code that exploited the vulnerability was provided.
Mitigation:
Implement input validation and output encoding to prevent XSS attacks.