Off-by-one Error in Novell iManager Allows Denial of Service
CVE-2010-1930

Currently unrated

Key Information:

Vendor: Novell
Status: Imanager
Vendor: CVE Published:; 28 June 2010

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 23%

What is CVE-2010-1930?

The Novell iManager software contains an off-by-one error that can be exploited by remote attackers. By sending a specially crafted login request with a long tree parameter, an attacker can trigger a daemon crash, resulting in a denial of service. This vulnerability affects specific versions of iManager, allowing unauthorized users to disrupt service.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-1930 - Proof of Concept

References

http://www.securityfocus.com/bid/40485

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2010/1575

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1024152

vdb-entryx_refsource_SECTRACK

EPSS Score

23% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 28, 2010
👾
Exploit known to exist
Jun 28, 2010
Vulnerability published
Jun 28, 2010
Vulnerability Reserved
May 11, 2010

CVE-2010-1930 Data

JSON