Environment
Novell Access Manager 3.1 Access Gateway Service (AGS)
AGS running on Windows and Linux platforms
Novell Access Manager 3.1 Support Pack 3 Interim Release 2 applied
Situation
A Byte Range denial-of-service vulnerability (CVE-2011-3192) was recently reported against Apache HTTP Server. Novell Access Manager ships with an Apache proxy server whose version (v 2.2-13) is within the range of versions that could be susceptible to this vulnerability.
Resolution
The Access Gateway Service is not vulnerable to this DoS. A script available at http://www.exploit-db.com/exploits/17696/ allows you to test for the vulnerability. Running the test against the AGS shows that it is not vulnerable:
ncsles11xen:~ # perl apache_range_vuln.pl linmag.lab.novell.com 50
Host does not seem vulnerable