Environment
NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0
NetIQ Access Manager 4.1
NetIQ Access Manager 4.0
Situation
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
Is NAM effected by this?
Resolution
NAM uses PKCS12 content formats and is not effected by this vulnerability.