Novell NetIQ Privileged User Manager (NPUM) allows IT administrators to work on systems without exposing superuser (administrator or supervisor) passwords or root-account credentials to the administrator.
NetIQ Privileged User Manager 2.3.1 and earlier are vulnerable to an unauthenticated password reset vulnerability as a result of an error in the
pa_modify_accounts() function of the
auth.dll module. An attacker may reset the admin password and use the admin account to upload malicious files that they can execute on the server with SYSTEM privileges.
Contact the vendor for a fix. Restrict network access to the NetIQ Privileged User Manager service to users of the system.
This exploit has been tested against Novell Privileged User Manager 2.3.1 running on Microsoft Windows Server 2003 SP2 English (DEP OptOut) and Microsoft Windows Server 2008 SP2 (DEP OptOut).
This exploit changes the password for the admin account.
Exploit requires the IO-Socket-SSL PERL module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.