Novell iManager eDirectory Plugin Schema Buffer Overflow
TSL ID: FSC20100107-08
CVE ID(s): CVE-2009-4486
Severity: High
Description

A code execution vulnerability has been reported in the Novell iManager eDirectory plugin. A sub-application does not properly validate the length of an argument, and this user-supplied data is copied into a statically allocated stack buffer.

A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted parameters to the application in question. This can result in code execution with the privileges of the application.

The vendor has released a patch for this vulnerability. It can be found at:

http://www.novell.com/support/viewContent.do?externalId=7004985&sliceId=1

Affected Products
  • Novell iManager 2.7
CVSS Score Base 9.1 (AV:N/AC:L/Au:S/C:C/I:C/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is SINGLE
  • Impact of this vulnerability on data confidentiality is COMPLETE
  • Impact of this vulnerability on data integrity is COMPLETE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 7.7 (E:U/RL:U/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is CONFIRMED