NVD Vulnerability Detail

CVE-2017-5186

Summary	Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0.2.1, Novell eDirectory 8.8.x before 8.8 SP8 Patch 9 Hotfix 2, and NetIQ eDirectory 9.x before 9.0.2 Hotfix 2 (9.0.2.2) use the deprecated MD5 hashing algorithm in a communications certificate.
Publication Date	April 27, 2017, 11:59 p.m.
Registration Date	Jan. 26, 2021, 1:25 p.m.
Last Update	Nov. 21, 2024, 12:27 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:netiq:edirectory:9.0:::::::*
cpe:2.3:a:netiq:imanager:3.0.1:::::::*
cpe:2.3:a:novell:imanager::sp7_patch8::::::*		2.7
cpe:2.3:a:netiq:imanager:3.0:::::::*
cpe:2.3:a:netiq:edirectory:9.0.2:::::::*
cpe:2.3:a:netiq:edirectory:9.0.1:::::::*
cpe:2.3:a:netiq:imanager:3.0.2:::::::*
cpe:2.3:a:novell:edirectory::sp8_patch9::::::*		8.8

Related information, measures and tools

No	URL	refsource	タグ
1	https://bugzilla.novell.com/show_bug.cgi?id=1019041
2	https://bugzilla.novell.com/show_bug.cgi?id=1019041
3	https://bugzilla.novell.com/show_bug.cgi?id=1019789
4	https://bugzilla.novell.com/show_bug.cgi?id=1019789
5	https://bugzilla.novell.com/show_bug.cgi?id=988749
6	https://bugzilla.novell.com/show_bug.cgi?id=988749
7	https://www.novell.com/support/kb/doc.php?id=3426981
8	https://www.novell.com/support/kb/doc.php?id=3426981
9	https://www.novell.com/support/kb/doc.php?id=7010166
10	https://www.novell.com/support/kb/doc.php?id=7010166
11	https://www.novell.com/support/kb/doc.php?id=7016794
12	https://www.novell.com/support/kb/doc.php?id=7016794
13	https://www.novell.com/support/kb/doc.php?id=7016795
14	https://www.novell.com/support/kb/doc.php?id=7016795

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html

JVN Vulnerability Information

複数の Novell および NetIQ 製品における暗号に関する脆弱性

Title	複数の Novell および NetIQ 製品における暗号に関する脆弱性
Summary	複数の Novell および NetIQ 製品には、暗号に関する脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 27, 2017, midnight
Registration Date	June 2, 2017, 4:12 p.m.
Last Update	June 2, 2017, 4:12 p.m.

Affected System

Novell

eDirectory 8.8 SP8 Patch 9 Hotfix 2 未満の 8.8.x

Novell iManager 2.7 SP7 Patch 9 未満の 2.7

NetIQ

NetIQ eDirectory 9.0.2 Hotfix 2 (9.0.2.2) 未満の 9.x

NetIQ iManager 3.0.2.1 未満の 3.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-5186	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5186
National Vulnerability Database (NVD)
2	CVE-2017-5186	https://nvd.nist.gov/vuln/detail/CVE-2017-5186

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html

ベンダー情報

No	Name	URL
Knowledgebase
1	History of Issues Resolved for iManager 3.x	https://www.novell.com/support/kb/doc.php?id=7016795
2	History of Issues Resolved for Novell iManager 2.7	https://www.novell.com/support/kb/doc.php?id=7010166
3	History of Issues Resolved in eDirectory 8.8.x	https://www.novell.com/support/kb/doc.php?id=3426981
4	History of Issues Resolved in eDirectory 9.x	https://www.novell.com/support/kb/doc.php?id=7016794
NetIQ
5	トップページ	https://www.netiq.com/ja-jp/

Change Log

No	Changed Details	Date of change
0	[2017年06月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:netiq:edirectory:9.0:::::::*
cpe:2.3:a:netiq:imanager:3.0.1:::::::*
cpe:2.3:a:novell:imanager::sp7_patch8::::::*		2.7
cpe:2.3:a:netiq:imanager:3.0:::::::*
cpe:2.3:a:netiq:edirectory:9.0.2:::::::*
cpe:2.3:a:netiq:edirectory:9.0.1:::::::*
cpe:2.3:a:netiq:imanager:3.0.2:::::::*
cpe:2.3:a:novell:edirectory::sp8_patch9::::::*		8.8