BID:30497

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

Info

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

Bugtraq ID:	30497
Class:	Access Validation Error
CVE:	CVE-2008-3488
Remote:	Yes
Local:	Yes
Published:	Aug 01 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Novell iManager 2.5 Novell iManager 2.0.2 Novell iManager 2.0 Novell iManager 1.5 Novell iManager 2.7.0 Novell iManager 2.6.0

Not Vulnerable:	Novell iManager 2.7.1

Discussion

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

Novell iManager is prone to a security-bypass vulnerability because if fails to properly verify access to certain administrative functions.

Attackers can exploit this issue to delete the intended policy restrictions.

Versions prior to iManager 2.7 Support Pack 1 are vulnerable.

Exploit / POC

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

Solution:
The vendor released iManager 2.7.1 to address this issue. Please see the references for more information.

References

Novell iManager Property Book Page Deletion Security Bypass Vulnerability

References:

5031820 iManager 2.7 Support Pack 1 (iManager 2.7.1) (Novell)
iManager Homepage (Novell)