One of the benefits of NetWare and other Novell products has always been their security. Major security problems only seem to come along about once a decade, on average. So when a vulnerability does surface, it can seem much bigger than it really is. Last week Secunia reported a potential denial-of-service exploit that leverages a bug in eDirectory.
RE: Coming soon. Changes to NetworldWorld.com
cyberbullying article june, 2007
E-Mail article
|
|
Print article
|
|
Contact author
|
Reprint
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
<aside> Actually, Secunia has reported 12 “advisories” for eDirectory since 2003. None was listed as more than moderately critical and all have been addressed by Novell through patches. By contrast, there have been 104 advisories issued for Windows Server 2003, 9% of which are still unpatched and 39% of which are considered “highly critical” or worse! </aside>
The full text of the warning is:
“A vulnerability has been reported in Novell eDirectory, which can be exploited by malicious people to cause a DoS. The vulnerability is caused due to a pointer handling error within the ‘BerDecodeLoginDataRequest()’ function in the libnmasldap.so module. This can be exploited to crash the process via a specially crafted login request. The vulnerability is reported in Novell eDirectory versions 8.8 and 8.8.1. Other versions may also be affected.”
What it means is that if someone knows the specific “login request” (and the implication is that this has to be done as code, not just as a username/password combination in a login box) they could cause eDirectory to crash rendering it unavailable for others to use for authentication, authorization or other purposes. There would most likely not be any damage and there’s little chance of a data breach.
If this were an Active Directory bug, it would be relatively unnoticed among all of the security problems that crop up seemingly daily in Windows. But because NetWare is so bug-free, it’s importance is magnified in the minds of some. It isn’t that important, but you should get the patch for it soon and install it at your first opportunity.
In some ways, after all, NetWare network managers may be less security conscious than their Windows counterparts simply because NetWare exploits are so few and far between.
Dave Kearns is a writer and consultant in Silicon Valley. He's written a number of books including the (sadly) now out of print "Peter Norton's Complete Guide to Networks." His musings can be found at Virtual Quill.
Kearns is the author of two Network World Newsletters: Windows Networking Strategies, and Identity Management. Comments about these newsletters should be sent to him at these respective addresses: windows@vquill.com, identity@vquill.com .
Kearns provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..." Find out more by e-mail.
| Start a public discussion with other Network World users on this article (scroll up to send this article to a colleague). Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
Copyright 2008 Network World Inc.
Browse Newsletter categories: Branch Office Best Practices | Convergence | High Speed LANs | Identity Management | IT Careers and Training | IT Leadership | Linux | Messaging | Network Optimization | Network/Systems Management | New Data Center Strategies | Novell NetWare Tips | Optical Networking | Outsourcing | Security Strategies | Servers | Service Provider News Report | Small Business Technology | Storage in the Enterprise | Technology Executive | View from The Edge | Virus and Bug Patch Alert | VORTEX Digest | VPNs | Web Applications | Wide Area Networking | Windows Networking Strategies | Wireless in the Enterprise |
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary [1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
