Lucene search

[email protected]CVE-2014-4509

HistoryJun 21, 2014 - 3:55 p.m.

CVE-2014-4509

2014-06-2115:55:05

[email protected]

web.nvd.nist.gov

mkdquotesafe

fan-out platform services

novell identity manager

cve-2014-4509

security vulnerability

edirectory

posix

arbitrary commands

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

Affected configurations

NVD

Node

netiqidentity_managerMatch4.0.2

CPENameOperatorVersion
netiq:identity_managernetiq identity managereq4.0.2

CPE	Name	Operator	Version
netiq:identity_manager	netiq identity manager	eq	4.0.2

References

download.novell.com/Download?buildid=5XLmBl54_Rg~

www.securityfocus.com/bid/68139

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2014-4509

prion1 cvelist1 nvd1