Novell iManager - Multiple Vulnerabilities

Key Information

EDB-ID: 14010
CVE: CVE-2010-1930, CVE-2010-1929
Author: CORE SECURITY TECHNOLOGIES
Type: DOS
Platform: NOVELL
Date: 2010-06-24
Vulnerable App: Novell iManager

Vulnerability Information

Classes: Stack-based buffer overflow [CWE-119], Off-by-one error [CWE-193]
Impact: Code execution, Denial of service
Remotely Exploitable: Yes
Locally Exploitable: No

Vulnerability Description

Novell iManager is a web-based administration console that allows custom access to network administration utilities and content from any location. It is prone to a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a denial of service to the application.

Vulnerable Packages

Novell iManager 2.7
Novell iManager 2.7.3
Novell iManager 2.7.3 FTf2

Vendor Information, Solutions, and Workarounds

Novell has planned a release of iManager 2.7.4 in August 2010. Users can mitigate these flaws by applying these countermeasures.

Credits

This vulnerability was discovered and researched by Francisco Falcon from Core Security Technologies.