Novell iManager EnteredClassName buffer overflow

2010-07-12T00:00:00
ID SAINT:D6A890BB049DF2B97E13009E798514EC
Type saint
Reporter SAINT Corporation
Modified 2010-07-12T00:00:00

Description

Added: 07/12/2010
CVE: CVE-2010-1929
BID: 40480
OSVDB: 65737

Background

Novell iManager is a web-based management interface for other Novell products.

Problem

A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted EnteredClassName parameter to the nps/servlet/webacc program.

Resolution

Upgrade to Novell iManager version 2.7.3 ftf4 or 2.7.4.

References

<http://secunia.com/advisories/40281>

Limitations

Exploit works on Novell iManager 2.7.3 and requires a valid Novell iManager login, password, and tree name.

Platforms

Windows