Lucene search

[email protected]CVE-2006-4803

HistorySep 14, 2006 - 10:07 p.m.

CVE-2006-4803

2006-09-1422:07:00

[email protected]

web.nvd.nist.gov

novell

identity manager

idm

code execution

cve-2006-4803

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and “code injection.”

Affected configurations

NVD

Node

netiqidentity_managerMatch3.0.1

CPENameOperatorVersion
netiq:identity_managernetiq identity managereq3.0.1

CPE	Name	Operator	Version
netiq:identity_manager	netiq identity manager	eq	3.0.1

References

secunia.com/advisories/21888

securitytracker.com/id?1016853

support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm

www.securityfocus.com/bid/20016

www.vupen.com/english/advisories/2006/3607

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2006-4803

cvelist1 nvd1