In response to the report from February 2nd NetIQ has made the following changes to the NetIQ product (NetIQ Security Solutions for iSeries) and the NetIQ Security Solutions for iSeries download web site:
- Customers who run the self-extracting executable will no longer have the vulnerable NetIQExec.dll restored on their system.
- NetIQ Security Solution for iSeries download pages have been updated with the fixed self-extracting executable.
Credit for the discovery of this vulnerability goes to:
Andrea Micalizzi (rgod) working with Zero Day Initiative (ZDI)