CVE-2011-2654 – Novell Cloud Manager Insufficient Framework User Validation Vulnerability
https://notcve.org/view.php?id=CVE-2011-2654
The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Because an object is incompletely initialized, the application stores a partially initialized session.

• http://download.novell.com/Download?buildid=NSONlV5PqMo~
• http://secunia.com/advisories/45845
• http://www.securityfocus.com/bid/49432
• http://www.securitytracker.com/id?1026006
• http://zerodayinitiative.com/advisories/ZDI-11-278

• CWE-20: Improper Input Validation