Environment
Novell Data Synchronizer Mobility Pack 1.0
Novell Data Synchronizer Mobility Pack 1.1
Situation
Novell Data Synchronizer Mobility Pack 1.1.2, and earlier, has a vulnerability that, in certain circumstances, could allow a user to gain unauthorized access to other user accounts.
Resolution
Please follow the steps listed below:
- Make sure that the Mobility Pack Version is 1.1.1 (343) or 1.1.2 (428). Please follow the steps listed below to check the version
- Open a terminal session to the Mobility Server
- Type "cat /opt/novell/datasync/version "
- If the Mobility Pack Version is not 343 or 428, please follow the sub-steps listed below
- Download and Upgrade to Mobility Pack 1.1.1 or Mobility Pack 1.1.2. Please follow the steps in the following link to apply the update
https://support.microfocus.com/kb/doc.php?id=7007012&sliceId=1&docTypeID=DT_TID_1_1&dialogID=237416781&stateId=0%200%20237412939
- Browse to /opt/novell/datasync/syncengine/connectors/mobility/lib/device/ .
- Rename DeviceInterface.pyc to DeviceInterface.pyc.bak .
- Copy the appropriate DeviceInterface.pyc downloaded in step 2 and paste it in /opt/novell/datasync/syncengine/connectors/mobility/lib/device .
- Type "rcdatasync restart " and press Enter.
Status
Security AlertAdditional Information
Notes:
Affected versions:
Novell Data Synchronizer 1.0.x (all builds)
Novell Data Synchronizer 1.1.1 build 428 and earlier
Novell Data Synchronizer 1.0.x (all builds)
Novell Data Synchronizer 1.1.1 build 428 and earlier
This vulnerability was discovered and reported by iTEC Services (http://www.itec-services.de). CVE-2011-1711