CVE-2007-6625

Name of the Vulnerable Software and Affected Versions Novell Identity Manager (IDM) version 3.5.1

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending unspecified network traffic that triggers a syslog message containing invalid format string specifiers.

Recommendations For Novell Identity Manager (IDM) version 3.5.1, consider restricting access to the asampsp process in the Fan-Out Driver Platform Services to minimize the risk of exploitation. As a temporary workaround, monitor network traffic for suspicious activity that may trigger the vulnerable syslog message. At the moment, there is no information about a newer version that contains a fix for this vulnerability.