SecurityTracker.com
Category:   Application (Security)  >   iChain
Vendors:   Novell
Novell iChain GUI Lets Remote Users Gain Administrative Access
SecurityTracker Alert ID:  1013406
SecurityTracker URL:  http://securitytracker.com/id/1013406
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 9 2005
Impact:   Root access via network
Vendor Confirmed:  Yes  
Version(s): 2.3 and prior versions
Description:   An authentication vulnerability was reported in Novell iChain. A remote user can gain administrative access.

A remote user with the ability to monitor the network can hijack an administrative session. This can be achieved by monitoring communications sent to TCP port 51100 on the target iChain server, obtaining the authentication cookie (named 'PCZQX02'), and using the cookie value on a bogus iChain server under control of the remote user to redirect traffic to the target iChain server.

Novell credits Francisco Amato with reporting this vulnerability.

Impact:   A remote user with the ability to monitor the network can obtain administrative access on the target iChain server.
Solution:   No solution was available at the time of this entry.

As a temporary measure, Novell indicates that you should restrict access to the web GUI.

Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/10096885.htm
Cause:   Authentication error

Message History:   None.



Copyright 2021, SecurityGlobal.net LLC