Novell iManager EnteredClassName buffer overflow

Added: 07/12/2010
CVE: CVE-2010-1929
BID: 40480
OSVDB: 65737

Background

Novell iManager is a web-based management interface for other Novell products.

Problem

A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted EnteredClassName parameter to the nps/servlet/webacc program.

Resolution

Upgrade to Novell iManager version 2.7.3 ftf4 or 2.7.4.

References

http://secunia.com/advisories/40281

Limitations

Exploit works on Novell iManager 2.7.3 and requires a valid Novell iManager login, password, and tree name.

Platforms

Windows

Back to exploit index