PT-2006-5306 · Novell · Novell Identity Manager

Published

2006-08-31

Updated

2018-09-27

CVE-2006-4506

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Novell Identity Manager (IDM) version 3.0.1

Description The issue allows local users to execute arbitrary commands, possibly involving the use of quote and backslash characters and eval injection in the idmlib.sh script within the nxdrv component.

Recommendations For Novell Identity Manager (IDM) version 3.0.1, consider restricting access to the idmlib.sh script to prevent local users from executing arbitrary commands until a patch is available. Avoid using the quote and backslash characters in the script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4506

Affected Products

Novell Identity Manager

PT-2006-5306 · Novell · Novell Identity Manager

CVE-2006-4506

Related Identifiers

Affected Products

References · 4