===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0146
        A number of vulnerabilities have been identified in Novell
                iManager prior to version 2.7 SP7 Patch 3.
                             23 December 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Novell iManager
Operating System:     SUSE
                      NetWare
                      Red Hat
                      Windows
Impact/Access:        Denial of Service        -- Remote/Unauthenticated      
                      Access Confidential Data -- Remote/Unauthenticated      
                      Reduced Security         -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3566 CVE-2014-0096 CVE-2014-0075
Member content until: Thursday, January 22 2015

OVERVIEW

        A number of vulnerabilities have been identified in Novell iManager
        prior to version 2.7 SP7 Patch 3.[1]


IMPACT

        The vendor has provided the following details regarding the 
        vulnerabilities:
        
        "TOMCAT

        - Security Vulnerability: Poodle vulnerability in Tomcat
          (Bug 903782) (CVE-2014-3566)

        - Security Vulnerability: Integer overflow (Bug 881886)
          (CVE-2014-0075)

        - Security Vulnerability: DefaultServlet.java does not properly
          restrict XSLT stylesheets (Bug 881886) (CVE-2014-0096)".[1]


MITIGATION

        It is recommended that administrators update Novell iManager to
        address these issues.


REFERENCES

        [1] History of Issues Resolved for Novell iManager 2.7
            http://www.novell.com/support/kb/doc.php?id=7010166

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================