Security Vulnerability - Core-2010-0316 iManagerMultiple Vulnerabilities

  • 7006390
  • 01-Jul-2010
  • 27-Jan-2014

Environment

Novell iManager 2.7.3 FTF3 and prior

Situation

Novell iManager has two specific flaws that result in a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code, and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a Denial of Service to the application.

Stack-based buffer overflow:

Novell iManager provides a feature to create classes, under the 'Schema' menu. The class name is intended to have a maximum length of 32 characters. This limitation is enforced on the client side by setting a 'maxlength' property with a value of 32 in the proper form field, but no verification is performed on the server side to ensure that the user-defined class name is, at most, 32 characters long.

Off-by-one error: 

*Note is issue has only been reproduced on the Windows version of iManager

There is an off-by-one error in the code that handles the login process, that can be abused by remote, unauthenticated users to crash the iManager web server, thus denying the service to legitimate users. 


Resolution

This vulnerability is resolved by applying iManager 2.7.4 available at https://dl.netiq.com or available plugins in iManager configuration.

Status

Reported to Engineering
Security Alert

Additional Information

This vulnerability is reported as CORE-2010-0316 by CoreLabs, the research center of Core Security Technologies.