copyright
|
disclaimer
|
privacy
|
contact
HOME
About
AusCERT
Membership
Contact Us
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
Login »
Become a member »
Home
»
Security Bul...
»
By Year
»
2009
» ASB-2009.1021.2 - UPDATE [Win][Linux][Solaris] Novel...
ASB-2009.1021.2 - UPDATE [Win][Linux][Solaris] Novell Access Manager: Access privileged data - Existing account
Date:
27 May 2010
Related Files:
ASB-2009.1021
Click here for printable version
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2009.1021.2 File Access Vulnerability in Novell Access Manager 27 May 2010 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Novell Access Manager Operating System: Linux variants Solaris Windows Impact/Access: Access Privileged Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2009-4878 CVE-2009-4879 Revision History: May 27 2010: added CVEs July 21 2009: Initial Release OVERVIEW A file access vulnerability has been identified in Novell Access Manager 3.1. [1] IMPACT The vendor has confirmed that an unspecified vulnerability allows access to system files from the Administration console of Novell Access Manager. [1] MITIGATION Novell has provided a patch to correct the issue which is available to download from their website. [1] REFERENCES [1] Novell Access Manager 3.1 SP1 Readme http://www.novell.com/documentation/novellaccessmanager31/accessmanager_readme/data/accessmanager_readme.html#bk7qzpa AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iD8DBQFL/fHj/iFOrG6YcBERAj4uAKCoogBxJUJO6nTVDxcGB/R2STuvagCgn7AX 7V0nCFZdVELyBmglyq9NLZQ= =pWDI -----END PGP SIGNATURE-----
Comments? Click here
http://www.auscert.org.au/render.html?cid=10285&it=11342