Are You Taking a Risk by Using Novell Access Manager?

News

Contributed by: Egle Markauskaite
Date: July 21, 2009

	-4 Vote 0	Are You Taking a Risk by Using Novell Access Manager?

Are you using Novell Access Manager for your business or other purposes related to job management? If so, you should prick up your ears. If you are not using it or moreover, you haven't heard about it, it should be interesting for you to get to know about this access management product. Novell Access Manager offers users the same experience with apps, whether they are inside or outside the firewall, meaning no matter where they are.

Bad news was reported regarding Novell Access Manager. A vulnerability has been discovered in this software program. Remote attackers with an aim to compromise a vulnerable system, could exploit this vulnerability and obtain unauthorized access to arbitrary files and sensitive information on the system.

The next question is what is the main reason for this particular vulnerability? This security issue is provoked by an unidentified input validation error in the Administration Console while loading libraries, which enables attackers to inject a malicious library and execute arbitrary code remotely.

Affected Products
Novell Access Manager versions prior to 3.1 SP1
Novell Privileged User Manager version 2.2.0

Table 1. Affected products

Some of the features of Novell Access Manager might be similar to AOL Instant Messenger also known as AIM which is related to these files: IDLEMON.DLL, aimp_shell.dll, aimp2.exe, aimpro.exe and menu.dll.

Also, in some ways Novell Access Manager could contain similar features to MSN Messenger which is contains a file named msgplusloader.dll.

Are you a current user of Novell Access Manager? Have you faced this specific vulnerability? If your answer is yes, there is a solution provided for you. What you should do is upgrade to Novell Access Manager version 3.1 SP1. It is a simple way to update your current version of Novell Access Manager and get rid of the vulnerability.

Resources:
Original Novell Access Manager 3.1 SP1 Readme Information
Vulnerability Bulletin on Novell Access Manager Administration Console File Access Vulnerability
Novell Access Manager System File Access Vulnerability Alert
Overview on Novell Access Manager

User Comments

Lee Howarth July 24, 2009

I am the Product Manager for Novell Access Manager and your posting caused some real concern as security is obviously paramount for this kind of product. I did some research and it appears that you may have misinterpreted a fix that was made in SP1, which allowed a Novell Access Manager administrator - logged into the Admin console - to download files that extended beyond Access Manager logs. If you are aware of another issue please let me know.

Regards

Lee Howarth
Novell Product Mananager

Top 10 Malware Threats

1.	Security Monitor
2.	Win 7 Home Security
3.	AV Protection 2012
4.	Cloud AV 2012
5.	System Fix
6.	Privacy Protection
7.	System Security 2012
8.	Duqu Trojan
9.	Windows Monitor
10.	PC Shield 2012

Most searched files

1.	vprot.exe
2.	GameXNGO.exe
3.	setup.ovr
4.	RosebudMUI.msi
5.	fp_ax_cab_installer.exe
6.	phoenix.exe
7.	InfDefaultInstall.exe
8.	AcroPro.msi
9.	FlashUtil11c_ActiveX.exe
10.	WinBootstrapper.msi

Newest files

1.	FlashUtil32_11_2_202_228_ActiveX.exe
2.	sisnicxp.sys
3.	NTIDrvr.sys
4.	int15.sys
5.	anbmServ.exe
6.	E_FATIADA.EXE
7.	HP_IZE.exe
8.	viaagp1.sys
9.	SISAGPX.sys
10.	R8139n51.SYS

Home Tips Downloads Videos Files Virus list Vulnerabilities

Home > Computer Security > Are You Taking a Risk by Using Novell Access Manager?