Credit:
The information has been provided by Francisco Falcon.
The original article can be found at: http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities
Vulnerable Systems:
* Novell iManager 2.7
* Novell iManager 2.7.3
* Novell iManager 2.7.3 FTF2
Immune Systems:
* Novell iManager 2.7.3 ftf4
* Novell iManager 2.7.4
Novell iManager is prone to a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code, and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a Denial of Service to the application.
Workaround:
In the meantime, users can mitigate these flaws with the following countermeasures:
For [CVE-2010-1929 | 4048], establish a Web Application Firewall rule for limiting the length of the parameters EnteredClassID and NewClassName in POST requests to the URI /nps/servlet/webacc/.
For [CVE-2010-1930 | 4048], establish a Web Application Firewall rule for limiting the length of the parameter Tree in POST requests to the URI /nps/servlet/webacc/.
Similar rules can also be established in the Apache web server of the iManager installation in order to mitigate these flaws.
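The two length limits above, written as an added example (not part of the original advisory or of any Novell configuration), assuming ModSecurity 2.x is loaded in the Apache instance that fronts iManager. The rule ids and the 64-byte limits are placeholders: the advisory does not state a safe length, so set each limit to the longest legitimate value used in your deployment.

```apache
# Added example: assumes ModSecurity 2.x; rule ids and limits are placeholders.
SecRuleEngine On
# Request bodies must be parsed, otherwise ARGS_POST is empty and nothing matches.
SecRequestBodyAccess On

# CVE-2010-1929: cap EnteredClassID and NewClassName in POSTs to the webacc servlet.
# t:length replaces each (already URL-decoded) value with its length before @gt runs.
SecRule REQUEST_METHOD "@streq POST" \
    "id:1001929,phase:2,deny,status:403,log,\
    msg:'iManager: over-long EnteredClassID or NewClassName (CVE-2010-1929)',\
    chain"
    SecRule REQUEST_FILENAME "@beginsWith /nps/servlet/webacc" \
        "t:none,t:normalizePath,chain"
        SecRule ARGS_POST:EnteredClassID|ARGS_POST:NewClassName "@gt 64" \
            "t:none,t:length"

# CVE-2010-1930: cap the Tree parameter in POSTs to the same URI.
SecRule REQUEST_METHOD "@streq POST" \
    "id:1001930,phase:2,deny,status:403,log,\
    msg:'iManager: over-long Tree parameter (CVE-2010-1930)',\
    chain"
    SecRule REQUEST_FILENAME "@beginsWith /nps/servlet/webacc" \
        "t:none,t:normalizePath,chain"
        SecRule ARGS_POST:Tree "@gt 64" \
            "t:none,t:length"
```

Both rules write to the ModSecurity audit log when they block a request, so the same log doubles as a detection source for attempts against unpatched installations.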
CVE Information:
CVE-2010-1929
CVE-2010-1930
Disclosure Timeline:
2010-04-08: iManager team is notified of the vulnerability
2010-06-23: The advisory is published.