Vector: | Remote |
Severity: | High |
Patch: | Patched |
Impact: | Denial of Service (DoS), Remote Code Execution (RCE) |
Software: | Novell iChain 2.x |
A remote code execution vulnerability was discovered in Novell iChain Authentication.
A buffer overflow exists in the authentication code that handles user names. The length of a user name is restricted only by a "SIZE" parameter in an HTML form, which can be easily bypassed. An attacker can cause a buffer overflow by submitting an overly long user name (about 230 characters).
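The server-side length check that the form's "SIZE" parameter cannot provide, shown beside the unbounded pattern it replaces. This is an added example, not Novell's code and not part of the original advisory; the function names, the `&`-delimited form value and the 64-byte limit are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_MAX 64  /* assumed limit; the advisory gives no buffer size */

/* Unsafe pattern, for contrast: copies until '&' or NUL with no bound on
 * dst, trusting the browser to have honoured the form's SIZE attribute. */
void copy_field_unchecked(char *dst, const char *value)
{
    while (*value != '\0' && *value != '&')
        *dst++ = *value++;
    *dst = '\0';
}

/* Checked version: the server measures the submitted value itself and
 * rejects it if it would not fit (terminator included). Returns 0 on
 * success, -1 on rejection; on rejection dst holds an empty string. */
int copy_field_checked(char *dst, size_t dst_size, const char *value)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (value == NULL) return -1;
    while (value[len] != '\0' && value[len] != '&') {
        if (++len >= dst_size)   /* stop scanning as soon as it cannot fit */
            return -1;
    }
    if (len == 0) return -1;     /* empty user name */
    memcpy(dst, value, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    char user[USERNAME_MAX + 1];
    char long_name[231];         /* constructed input: 230 filler characters */

    memset(long_name, 'A', 230);
    long_name[230] = '\0';
    printf("short: %d\n", copy_field_checked(user, sizeof user, "alice&password=x"));
    printf("long:  %d\n", copy_field_checked(user, sizeof user, long_name));
    return 0;
}
```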
Solution:
For : Apply patches.
Links:
- http://support.novell.com/cgi-bin/search/searchtid.cgi