Security Flaw in Novell NetWare 6.5 and Open Enterprise Server Due to NULL Key SSL Implementation
CVE-2006-0997

Currently unrated

Key Information:

Vendor: Novell
Status: Open Enterprise Server
Vendor: CVE Published:; 23 March 2006

Summary

The SSL server implementation in NILE.NLM within Novell NetWare 6.5 and Novell Open Enterprise Server allows for the use of a NULL key. This misconfiguration can result in SSL-protected sessions being transmitted in cleartext, making them susceptible to interception. As a result, remote attackers can eavesdrop on the communication, potentially leading to exposure of sensitive data. Organizations utilizing these affected products are urged to assess their security configurations and upgrade to secure implementations to mitigate the risks associated with this vulnerability.

References

http://www.vupen.com/english/advisories/2006/1043

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1015799

vdb-entryx_refsource_SECTRACK

http://support.novell.com/cgi-bin/search/searchtid.cgi?10...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 23, 2006
Vulnerability Reserved
Mar 6, 2006