CVE-2017-9277 - OpenCVE

The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA.

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Novell	Edirectory

Configuration 1 [-]

OR	cpe:2.3:a:novell:edirectory::::::::
	cpe:2.3:a:novell:edirectory:9.0:sp1::::::
	cpe:2.3:a:novell:edirectory:9.0:sp2::::::
	cpe:2.3:a:novell:edirectory:9.0:sp3::::::

No data.

References

Link	Providers
https://bugzilla.suse.com/show_bug.cgi?id=1005473
https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html
https://www.novell.com/support/kb/doc.php?id=7016794

History

Tue, 17 Sep 2024 00:15:00 +0000

Type	Values Removed	Values Added
Title	existing connection is being used even though eDirectory LDAP server is upgraded to EBA	existing connection is being used even though eDirectory LDAP server is upgraded to EBA

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2018-03-02T20:00:00Z

Updated: 2024-09-17T00:06:48.365Z

Reserved: 2017-05-29T00:00:00

Link: CVE-2017-9277

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-03-02T20:29:00.770

Modified: 2023-11-07T02:50:40.830

Link: CVE-2017-9277

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "eDirectory", "vendor": "Novell", "versions": [{"lessThan": "9.0 SP4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2017-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "inconsistent enabling of security feature", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:32", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1005473"}], "source": {"advisory": "7016794", "defect": ["1005473"], "discovery": "INTERNAL"}, "title": "existing connection is being used even though eDirectory LDAP server is upgraded to EBA", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-10-02T00:00:00.000Z", "ID": "CVE-2017-9277", "STATE": "PUBLIC", "TITLE": "existing connection is being used even though eDirectory LDAP server is upgraded to EBA"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "eDirectory", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "9.0 SP4"}]}}]}, "vendor_name": "Novell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "inconsistent enabling of security feature"}]}]}, "references": {"reference_data": [{"name": "https://www.novell.com/support/kb/doc.php?id=7016794", "refsource": "CONFIRM", "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}, {"name": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html", "refsource": "CONFIRM", "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1005473", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1005473"}]}, "source": {"advisory": "7016794", "defect": ["1005473"], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:02:43.486Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1005473"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-9277", "datePublished": "2018-03-02T20:00:00Z", "dateReserved": "2017-05-29T00:00:00", "dateUpdated": "2024-09-17T00:06:48.365Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novell:edirectory:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBDF50B6-0B4C-4610-B5D6-6D96D3F1C78A", "versionEndIncluding": "9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:edirectory:9.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "47DF7010-C59C-43CA-B30D-2C90EE93B1CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:edirectory:9.0:sp2:*:*:*:*:*:*", "matchCriteriaId": "D6DC14FC-3A10-4B29-8F88-C44B2013B508", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:edirectory:9.0:sp3:*:*:*:*:*:*", "matchCriteriaId": "B60F3208-693F-4701-9A6F-062365E8406F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to EBA (Enhanced Background Authentication) kept open connections without EBA."}, {"lang": "es", "value": "El backend LDAP en Novell eDirectory, en versiones anteriores a la 9.0 SP4, al cambiar a EBA (Enhanced Background Authentication) manten\u00eda las conexiones abiertas sin EBA."}], "id": "CVE-2017-9277", "lastModified": "2023-11-07T02:50:40.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2018-03-02T20:29:00.770", "references": [{"source": "security@opentext.com", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1005473"}, {"source": "security@opentext.com", "url": "https://www.netiq.com/documentation/edirectory-9/edirectory904_releasenotes/data/edirectory904_releasenotes.html"}, {"source": "security@opentext.com", "url": "https://www.novell.com/support/kb/doc.php?id=7016794"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}