CVE-2007-6625 - Format String Vulnerability in Novell Identity Manager 3.5.1

Publication

2008-01-04

Last modification

2017-08-08

Summary

The Platform Service Process (asampsp) in Fan-Out Driver Platform Services for Novell Identity Manager (IDM) 3.5.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified network traffic that triggers a syslog message containing invalid format string specifiers, as demonstrated by a Nessus scan.

Description

Novell Identity Manager client is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed. This issue affects Novell Identity Manager 3.5.1; other versions may also be vulnerable.
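The class of bug described above (CWE-134 in a syslog call), as an added C example that is not Novell's code and does not reproduce asampsp: it shows the hardened logging call, a counter for conversion specifiers in received text, and an escaper for APIs that accept only a format string. All function names and the sample input are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* CWE-134 pattern, kept as a comment only: syslog(LOG_INFO, untrusted);
 * Hardened call below: constant format, untrusted bytes as an argument. */
void log_untrusted(const char *untrusted)
{
    syslog(LOG_INFO, "%s", untrusted);
}

/* Count '%' conversions in s; "%%" is a literal percent and is skipped. */
int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Escape '%' as "%%" for a legacy API that accepts only a format string.
 * Returns 0 on success, -1 if out is too small for the result plus NUL. */
int escape_percent(char *out, size_t outlen, const char *in)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outlen) return -1;
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char safe[64];
    const char *probe = "GET /%n%s%x"; /* constructed sample input */
    if (escape_percent(safe, sizeof safe, probe) == 0)
        printf("%d directives; escaped: %s\n", count_directives(probe), safe);
    log_untrusted(probe);
    return 0;
}
```

Compiling logging code with -Wformat -Wformat-security makes GCC and Clang flag calls where the format argument is not a string literal.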

Solution

Novell released a patch to address this issue. Please see the references for more information.

Exploit

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.

Classification

CWE-134 - Format String Vulnerability

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:N/A:P)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • None

Affected Products

Vendor Product Versions
Novell Identity Manager  3.5.1