Security Vulnerability: iManager crashes due to buffer overflow in jclient

  • 7002971
  • 04-Apr-2012
  • 27-Jan-2014


Novell iManager 2.7.4


The vulnerability can be triggered using the “Create Attribute” function from the web interface of Novell iManager. 
Authentication in the Novell iManager is needed to trigger the vulnerability.
Using a specially crafted “EnteredAttrName” parameter the overflow can be triggered.


The fix for this vulnerability is available in iManager 2.7.4 patch 4 available


A defect in jclient resulted in a buffer overflow.


Reported to Engineering

Additional Information

This vulnerability was reported by an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program.


This issue is also an expansion of CVE-2010-1929 reported by Core Securities.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.