Environment
Novell iManager 2.7.4
Situation
The vulnerability can be triggered using the “Create Attribute” function from the web interface of Novell iManager.
Authentication to Novell iManager is required to trigger the vulnerability.
The overflow is triggered by a specially crafted “EnteredAttrName” parameter.
Resolution
The fix for this vulnerability is included in iManager 2.7.4 patch 4, available at https://dl.netiq.com
Cause
A defect in jclient resulted in a buffer overflow.
Status
Reported to Engineering
Additional Information
This vulnerability was reported by an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program.
CVE-2011-4188
This issue is also an expansion of CVE-2010-1929 reported by Core Securities.
http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities