Access Control Bypass in Novell iChain 2.3
CVE-2004-2579

Currently unrated

Key Information:

Vendor: Novell
Status: Ichain
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2579?

The ACLCHECK module in Novell iChain 2.3 is susceptible to a flaw that allows attackers to bypass essential access control rules. This can be exploited through an attack vector utilizing a string containing escape sequences, specifically those represented by overlong UTF-8 encoding. By manipulating the input, an unauthorized individual may gain access to restricted resources, highlighting the need for prompt remediation for users of this software.

References

http://securitytracker.com/id?1011074

vdb-entryx_refsource_SECTRACK

http://support.novell.com/cgi-bin/search/searchtid.cgi?29...

x_refsource_CONFIRM

http://www.osvdb.org/9266

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Nov 28, 2005
Vulnerability published
Dec 31, 2004