existing connection is being used even though eDirectory LDAP server is upgraded to EBA
CVE-2017-9277

4.2MEDIUM

Key Information:

Vendor

Novell
Status
Edirectory
Vendor
CVE Published:
2 October 2017

What is CVE-2017-9277?

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

Affected Version(s)

eDirectory < 9.0 SP4

References

https://www.novell.com/support/kb/doc.php?id=7016794
x_refsource_CONFIRM
https://www.netiq.com/documentation/edirectory-9/edirecto...
x_refsource_CONFIRM
https://bugzilla.suse.com/show_bug.cgi?id=1005473
x_refsource_CONFIRM

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.