Novell iManager Stack Overflow in eDirectory Plugin Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1023675 |
|
SecurityTracker URL: http://securitytracker.com/id?1023675
|
|
CVE Reference:
CVE-2009-4486
(Links to External Site)
|
Date: Mar 4 2010
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.7.3
|
Description:
A vulnerability was reported in Novell iManager. A remote user can execute arbitrary code on the target system.
A remote user can send specially crafted data to trigger a buffer overflow in the eDirectory plugin in the processing of schema data and execute arbitrary code on the target system. The code will run with the privileges of the target service.
1c239c43f521145fa8385d64a9c32243 reported this vulnerability via the Zero Day Initiative.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
The vendor has issued a fix (2.7.3).
The vendor's advisory is available at:
http://www.novell.com/support/php/search.do?cmd=displayKC&externalId=7004985
|
Vendor URL: www.novell.com/support/php/search.do?cmd=displayKC&externalId=7004985 (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 04 Mar 2010 05:01:27 +0000
Subject: Novell iManager
|
[Original Message Not Available for Viewing]
|
|
