Novell Home

My Favorites

Close

Please to see your favorites.

Novell Kanaka for Mac 2.7 trusts any SSL certificate during installation.

This document (7011965) is provided subject to the disclaimer at the end of this document.

Environment

Novell Kanaka for Mac

Situation

During the installation of Novell Kanaka for Mac 2.7, the product will trust any SSL certificate.  This creates a security threat that could give an attacker a opportunity to steal credentials.  While we feel that the threat is minimal since it is only an issue during the installation process, and access to the server during that time would be required, we do take this seriously and have made an update available which addresses this issue.

Resolution

Novell Kanaka for Macintosh is an add-on component for the Open Enterprise Server product.  Customers who have a current maintenance contract for OES are eligible to obtain the Kanaka product and licenses at no charge. 

The previously released version is 2.7.1.  The product team has created version 2.8. Version 2.8 is functionally equivalent to 2.7.1 with one change.  2.8 addresses a security vulnerability that can be exploited during the product installation. Once the system has been installed the vulnerability is no longer present.  Therefore previous installed 2.7.1 systems do not need the update in order to be secure, unless of course they re-install the software.

Both versions, 2.7.1 and 2.8 will be available on the customer portal for customers who own OES and have a current maintenance agreement.

Cause

A problem during the install process allows a would be attacker an opportunity, during the installation, to compromise credentials.

Additional Information

Credit for discovering and reporting this vulnerability is attributed to; swappiness0@gmail.com.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011965
  • Creation Date:15-MAR-13
  • Modified Date:22-APR-13
    • NovellKanaka for Mac

Did this document solve your problem? Provide Feedback