Novell Data Synchronizer Mobility Pack Unauthorized user access Security Vulnerability

  • 7008690
  • 02-Jun-2011
  • 10-Dec-2013

Environment

Novell Data Synchronizer Mobility Pack 1.0
Novell Data Synchronizer Mobility Pack 1.1

Situation

Novell Data Synchronizer Mobility Pack 1.1.2, and earlier, has a vulnerability that, in certain circumstances, could allow a user to gain unauthorized access to other user accounts.

Resolution

Please follow the steps listed below: 
  1. Make sure that the Mobility Pack Version is 1.1.1 (343) or 1.1.2 (428). Please follow the steps listed below to check the version
  2. Please download the file from the following link
    For 343 - Click here to download the patch for vulnerability
    For 428 - Click here to download the patch for vulnerability
  3. Browse to /opt/novell/datasync/syncengine/connectors/mobility/lib/device/ .
  4. Rename DeviceInterface.pyc to DeviceInterface.pyc.bak .
  5. Copy the appropriate DeviceInterface.pyc downloaded in step 2 and paste it in /opt/novell/datasync/syncengine/connectors/mobility/lib/device .
  6. Type "rcdatasync restart " and press Enter.

Status

Security Alert

Additional Information

Notes:
Affected versions:
Novell Data Synchronizer 1.0.x (all builds)
Novell Data Synchronizer 1.1.1 build 428 and earlier
 
This vulnerability was discovered and reported by iTEC Services (http://www.itec-services.de). CVE-2011-1711

Feedback service temporarily unavailable. For content questions or problems, please contact Support.