Novell NetIQ Privileged User Manager (NPUM) allows IT administrators to work on systems without exposing superuser (administrator or supervisor) passwords or root-account credentials to the administrator.
NetIQ Privileged User Manager 2.3.1 and earlier are vulnerable to remote code execution because the ldapagnt_eval() function in the ldapagnt.dll module does not restrict access to certain methods.
Contact the vendor for a fix.
This exploit was tested against Novell Privileged User Manager 2.3.1 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).
The IO-Socket-SSL Perl module must be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.