OSVDB ID: 24047

Title: Novell NetWare NILE.NLM SSL Server Unspecified Weak Encryption Support

Info

Disclosure

Mar 17, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Novell NetWare and Novell Open Enterprise Server contains a unspecified flaw that may allow a malicious user to use a less secure SSL connection. The issue is triggered because SSL server implementation in NILE.NLM sometimes selects a weak cipher instead of an available stronger cipher. It is possible that the flaw may allow remote attackers to decrypt contents of an SSL protected session resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Cryptographic
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, vendor has released a patch NILE65SP5A.EXE to address this vulnerability.

Products

Novell, Inc.	Novell NetWare	6.5 SP4
		6.5 SP3
		6.5 SP2
		6.5 SP1
		6.5
		6.5 SP1.1(a)
		6.5 SP1.1(b)
	Novell Open Enterprise Server	0

References

Security Tracker: 1015799
Bugtraq ID: 17176
Secunia Advisory ID: 19324
CVE ID: 2006-0998 (see also: NVD)
Related OSVDB ID: 24046 24048
ISS X-Force ID: 25381
VUPEN Advisory: ADV-2006-1043
Vendor Specific Advisory URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?10100633.htm
Keyword: TID10100633,NOVL105338

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/24047

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Novell, Inc.

Novell NetWare

Novell Open Enterprise Server

References

Credit