[VIM] ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability

ZDI Disclosures zdi-disclosures at tippingpoint.com
Mon Apr 26 14:41:07 UTC 2010


Brian,

Yes, once an issue is public it loses the ZDI-CAN-#. I understand how showing both would be helpful to you.

I will bring up your request with the team. 
In this case, I am happy to confirm that it is indeed ZDI-CAN-440 and since you have provided the CVE ID for me, I went ahead and updated the published advisories site to include it.

Best,
Kate 

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org] 
Sent: Saturday, April 17, 2010 3:10 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability



Hi ZDI,

While trying to match the following advisory to OSVDB and CVE, I noticed something that I have seen a few times in the past regarding the way ZDI designates advisory IDs. I'd like to request that published ZDI advisories be enhanced in a small way to better cross-reference information released by ZDI. Example:

: ZDI-10-024: Novell eDirectory SOAP Request Parsing Denial of Service Vulnerability
: http://www.zerodayinitiative.com/advisories/ZDI-10-024
: March 2, 2010
: [No CVE]
: http://www.novell.com/support/viewContent.do?externalId=7005341

I am trying to determine if this is the same as CVE-2010-0666 which links to http://www.novell.com/support/viewContent.do?externalId=3426981

That vendor changelog has the following entry:
EMBOX:
- Security Vulnerability: embox SOAP request causes eDirectory to core [ZDI-CAN-440]  (Bug 548503)

Since ZDI-CAN-440 has been published, it no longer appears on your 'upcoming' advisories page. Your published advisories do not reference the previous ZDI-CAN-### designation. If ZDI could start to include that piece of information, it would help VDBs in avoiding duplicates should they create an entry based on an upcoming advisory.

Thanks,

Brian
OSVDB.org

