copyright | disclaimer | privacy | contact

HOME   About AusCERT   Membership   Contact Us   PKI Services   Training   Publications   Sec. Bulletins   Conferences   News & Media   Services   Web Log   Site Map   Site Help   Member login Login »  Become a member »   Home » Security Bul... » By Year » 2009 » ASB-2009.1021.2 - UPDATE [Win][Linux][Solaris] Novel...   ASB-2009.1021.2 - UPDATE [Win][Linux][Solaris] Novell Access Manager: Access privileged data - Existing account Date: 27 May 2010 Related Files: ASB-2009.1021   Click here for printable version -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2009.1021.2 File Access Vulnerability in Novell Access Manager 27 May 2010 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Novell Access Manager Operating System: Linux variants Solaris Windows Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2009-4878 CVE-2009-4879 Revision History: May 27 2010: added CVEs July 21 2009: Initial Release OVERVIEW A file access vulnerability has been identified in Novell Access Manager 3.1. [1] IMPACT The vendor has confirmed that an unspecified vulnerability allows access to system files from the Administration console of Novell Access Manager. [1] MITIGATION Novell has provided a patch to correct the issue which is available to download from their website. [1] REFERENCES [1] Novell Access Manager 3.1 SP1 Readme http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html#bk7qzpa AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFL/fHj/iFOrG6YcBERAj4uAKCoogBxJUJO6nTVDxcGB/R2STuvagCgn7AX 7V0nCFZdVELyBmglyq9NLZQ= =pWDI -----END PGP SIGNATURE-----

Comments? Click here http://www.auscert.org.au/render.html?cid=10285&it=11342