Novell iChain prior to v2.2 SP2 beta contains multiple remote vulnerabilities which allow user session hijacking, denial of service, and possibly system compromise.
TITLE:
Novell iChain Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA10022
VERIFY ADVISORY:
http://www.secunia.com/advisories/10022/
CRITICAL:
Highly critical
IMPACT:
Hijacking, DoS, System access
WHERE:
From remote
SOFTWARE:
Novell iChain 2.x
DESCRIPTION:
Novell has issued a support pack for iChain. It fixes the following
vulnerabilities, which can be exploited by malicious people to hijack
another user's session, cause a DoS (Denial of Service), and possibly
compromise a system.
1) A user can hijack another user's session if the new user's session
is opened on the same port.
2) The server can be crashed by using WGET.
3) iChain is affected by the OpenSSL vulnerabilities in ASN.1
parsing.
For more information:
SA9886
SOLUTION:
Apply iChain 2.2 Support Pack 2 beta:
http://support.novell.com/servlet/filedownload/sec/ftf/b1ic22sp2.exe
ORIGINAL ADVISORY:
iChain 2.2 Support Pack 2 beta - TID2967175:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm
OTHER REFERENCES:
SA9886:
http://www.secunia.com/advisories/9886/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------