Novell NetIQ Privileged User Manager Security Bypass

2012-12-03T00:00:00
ID SAINT:5CC4D825B122EC65E23BD30C66B6D2CC
Type saint
Reporter SAINT Corporation
Modified 2012-12-03T00:00:00

Description

Added: 12/03/2012
BID: 56539
OSVDB: 87334

Background

Novell NetIQ Privileged User Manager (NPUM) allows IT administrators to work on systems without exposing superuser (administrator or supervisor) passwords or root-account credentials to the administrator.

Problem

NetIQ Privileged User Manager 2.3.1 and earlier are vulnerable to remote code execution as a result of an error in the ldapagnt_eval() function in the ldapagnt.dll module not restricting access to certain methods.

Resolution

Contact the vendor for a fix.

References

<http://secunia.com/advisories/51291/>

Limitations

This exploit was tested against Novell Privileged User Manager 2.3.1 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).

The IO-Socket-SSL PERL module must be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.

Platforms

Windows