CVE-2010-1929 – Novell iManager - Multiple Vulnerabilities

https://notcve.org/view.php?id=CVE-2010-1929

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc. Múltiple desbordamiento de búfer basado en pila en la función jclient._Java_novell_jclient_JClient_defineClass@20 en jclient.dll en servidor Web Tomcat en Novell iManager v2.7, v2.7.3, y v2.7.3 FTF2 permite a usuarios autenticados remotos ejecutar código de su elección a través de lso parámetros (1) EnteredClassID o (2) NewClassName sobre nps/servlet/webacc. • https://www.exploit-db.com/exploits/14010 http://secunia.com/advisories/40281 http://securitytracker.com/id?1024152 http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities http://www.exploit-db.com/exploits/14010 http://www.osvdb.org/65737 http://www.securityfocus.com/archive/1/511983/100/0/threaded http://www.securityfocus.com/bid/40480 http://www.vupen.com/english/advisories/2010/1575 https://exchange.xforce.ibmcloud.com/vulnerabilities/59694 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •