The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and code injection.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Identity_manager | Netiq | 3.0.1 (including) | 3.0.1 (including) |
References
- http://secunia.com/advisories/21888
- http://securitytracker.com/id?1016853
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm
- http://www.securityfocus.com/bid/20016
- http://www.vupen.com/english/advisories/2006/3607
- http://secunia.com/advisories/21888
- http://securitytracker.com/id?1016853
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm
- http://www.securityfocus.com/bid/20016
- http://www.vupen.com/english/advisories/2006/3607