CVE-2010-1929

Name of the Vulnerable Software and Affected Versions Novell iManager versions 2.7 through 2.7.3 FTF2

Description The issue is related to multiple stack-based buffer overflows in the jclient. Java novell jclient JClient defineClass@20 function in jclient.dll. This allows remote authenticated users to execute arbitrary code via the EnteredClassID or NewClassName parameter to the "nps/servlet/webacc" endpoint.

Recommendations For Novell iManager versions 2.7 through 2.7.3 FTF2, consider restricting access to the jclient. Java novell jclient JClient defineClass@20 function in jclient.dll as a temporary workaround until a patch is available. Avoid using the EnteredClassID and NewClassName parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.