Update Protection against Novell iManager Tree Name Denial of Service Vulnerability
| Check Point Reference: | CPAI-2010-154 |
| Date Published: | |
| Severity: | |
| Last Updated: | |
| Source: | Secunia Advisory 40281 |
| Industry Reference(s): | CVE-2010-1930 |
| Protection Provided by: | Security Gateway |

Who is Vulnerable?
Novell iManager 2.7
Novell iManager 2.7.3
Novell iManager 2.7.3 FTF2

Vulnerability Description
A denial of service vulnerability exists in Novell iManager, a web-based administration console that provides management of multiple Novell products. The vulnerability is due to insufficient validation of the TREE parameter during login access. By sending a crafted HTTP request to the target server, remote attackers can cause termination of the affected service, leading to a denial of service condition.

Update/Patch Available
The vendor has not released an update to address this issue.

Vulnerability Details
The vulnerability is due to a failure of the application to properly check the length of the variable TREE submitted within the iManager login request.

Protection Overview
The protection will detect and block HTTP requests to the Novell iManager webacc CGI with invalid values for the TREE parameter.
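A log-side version of the same check, as an added example that is not Check Point's signature or code from this advisory: it extracts every TREE value from a request to webacc (query string or form body, percent-decoded, name matched case-insensitively) and flags values over a length limit. The 64-character limit, the function names and the sample paths are assumptions; the advisory states no threshold.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: the advisory gives no length limit for TREE; 64 is a
# placeholder policy value to tune for the tree names actually in use.
MAX_TREE_LEN = 64


def tree_values(target, body=b""):
    """Return every TREE value carried by a request to webacc.

    Reads the query string and a form-encoded body, decodes
    percent-encoding, and matches the parameter name case-insensitively.
    Requests to other paths return an empty list.
    """
    parts = urlsplit(target)
    if not parts.path.lower().rstrip("/").endswith("webacc"):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [value for name, value in pairs if name.lower() == "tree"]


def is_suspicious(target, body=b"", limit=MAX_TREE_LEN):
    """True when any TREE value in the request is longer than the limit."""
    return any(len(v) > limit for v in tree_values(target, body))


# Constructed sample requests (request target, form body); not captured
# traffic. The path prefix is a placeholder, not a path from the advisory.
SAMPLES = [
    ("/placeholder/webacc", b"username=admin&TREE=CORP_TREE"),
    ("/placeholder/webacc?tree=" + "A" * 300, b""),
    ("/placeholder/webacc", b"TREE=LAB&tree=" + b"%41" * 200),
    ("/other/app?TREE=" + "A" * 300, b""),
]


def scan(samples=SAMPLES, limit=MAX_TREE_LEN):
    """Return the indexes of the sample requests that should be flagged."""
    return [i for i, (t, b) in enumerate(samples) if is_suspicious(t, b, limit)]


if __name__ == "__main__":
    for i in scan():
        lengths = [len(v) for v in tree_values(*SAMPLES[i])]
        print("flag request", i, "TREE lengths:", lengths)
```

The third sample shows why every occurrence of the parameter is checked: a short first TREE value does not hide a long, percent-encoded second one.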
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.