Security Vulnerability: iManager crashes due to buffer overflow in jclient

  • 7002971
  • 04-Apr-2012
  • 27-Jan-2014

Environment


Novell iManager 2.7.4

Situation

The vulnerability can be triggered using the “Create Attribute” function from the web interface of Novell iManager. 
Authentication in the Novell iManager is needed to trigger the vulnerability.
Using a specially crafted “EnteredAttrName” parameter the overflow can be triggered.



Resolution

The fix for this vulnerability is available in iManager 2.7.4 patch 4 available https://dl.netiq.com

Cause

A defect in jclient resulted in a buffer overflow.

Status

Reported to Engineering

Additional Information

This vulnerability was reported by an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program.

CVE-2011-4188

This issue is also an expansion of CVE-2010-1929 reported by Core Securities.

http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities

Feedback service temporarily unavailable. For content questions or problems, please contact Support.