From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 1 Nov 2006 19:18:40 +0200
Subject: [NEWS] Novell iManager Tomcat DoS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20061101170656.6A15A57D5@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Novell iManager Tomcat DoS
------------------------------------------------------------------------
SUMMARY
<http://www.novell.com/products/consoles/imanager/overview.html >
iManager is a management portal for Novell's eDirectory server.
Remote exploitation of a DoS vulnerability in Novell Inc.'s iManager could
allow attackers to crash the iManager Tomcat server.
DETAILS
Vulnerable Systems:
* Novell iManager version 2.5.
The vulnerability specifically exists due to improper handling of a an
HTTP POST request with a long TREE parameter. When such a request is
received, a NULL pointer dereference occurs, leading to a crash of the
service. iDefense Labs testing has indicated that any string longer than
256 bytes will be effective.
Exploitation requires that an attacker send a specially constructed HTTP
request to the server. This crashes the server, making it unusable until
it is restarted.
Vendor Status:
Novell has addressed this vulnerability within iManager version 2.6.
Upgrading to this version will alleviate exposure to the vulnerability.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4517>;
CVE-2006-4517
Disclosure Timeline:
* 08/17/2006 - Initial vendor notification
* 08/18/2006 - Initial vendor response
* 10/06/2006 - Second vendor notification
* 10/31/2006 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436>;
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=436
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
