CVE-2014-4509

2014-06-21T15:55:00
ID CVE-2014-4509
Type cve
Reporter cve@mitre.org
Modified 2018-09-27T21:30:00

Description

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters. Per: http://cwe.mitre.org/data/definitions/77.html

"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"