VULNERABILITIES / FIXES - April 06, 2012
by Carol~ - 4/6/12 7:22 AM
Novell iManager jclient "EnteredAttrName" Buffer Overflow Vulnerability
Release Date : 2012-04-06
Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch
Software: Novell iManager 2.x
A vulnerability has been reported in Novell iManager, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
The vulnerability is caused due to an error in jclient when handling the "EnteredAttrName" parameter and can be exploited to cause a buffer overflow via the "Create Attribute" function in the web interface.
The vulnerability is reported in versions prior to 2.7.4 patch 4.
Update to version 2.7.4 patch 4.
Provided and/or discovered by:
The vendor credits Beyond Security.