[VIM] ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability

ZDI Disclosures zdi-disclosures at tippingpoint.com
Wed Apr 21 17:39:46 UTC 2010


Hi Brian,

That's a valid point. Are you free for a phone chat perhaps tomorrow?

Best,
Kate 

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org] 
Sent: Saturday, April 17, 2010 3:10 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability



Hi ZDI,

While trying to match the following advisory to OSVDB and CVE, I noticed something that I have seen a few times in the past regarding the way ZDI designates advisory IDs. I'd like to request that published ZDI advisories be enhanced in a small way to better cross-reference information released by ZDI. Example:

: ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-10-024
: March 2, 2010
: [No CVE]
: http://www.novell.com/support/viewContent.do?externalId=7005341

I am trying to determine if this is the same as CVE-2010-0666 which links to http://www.novell.com/support/viewContent.do?externalId=3426981

That vendor changelog has the following entry:
EMBOX:
- Security Vulnerability: embox SOAP request causes eDirectory to core [ZDI-CAN-440]  (Bug 548503)

Since ZDI-CAN-440 has been published, it no longer appears on your 'upcoming' advisories page. Your published advisories do not reference the previous ZDI-CAN-### designation. If ZDI could start to include that piece of information, it would help VDBs in avoiding duplicates should they create an entry based on an upcoming advisory.

Thanks,

Brian
OSVDB.org

