Security Vulnerability: iManager eDirectory Plugin Remote Code Execution
This document (7004985) is provided subject to the disclaimer at the end of this document.
Novell iManager 2.7.2 and prior
A flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into statically allocated stack buffer. This can result in code
execution under the privileges of the application.
Install SP3 or newer for iManager 2.7 and the eDirectory 2.7.3 or newer Plug-in available at http://dl.netiq.com
Note: If the file version.txt is used to determine the version of iManager by scanning software, this file has been deprecated and isn't being updated to reflect the actually installed version. The file can be manually modified to reflect the actual version, if it is being used by scanning software.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7004985
- Creation Date:07-DEC-09
- Modified Date:21-MAR-14
Did this document solve your problem? Provide Feedback