SECUNIA ADVISORY ID: SA41194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41194 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41194/#comments DESCRIPTION: A security issue has been reported in Novell Identity Manager, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the installer storing administrative credentials in the /tmp/idmInstall.log file. The security issue is reported in version 3.6.1. SOLUTION: Remove the /tmp/idmInstall.log file after the installation is completed. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7006705 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ----------------------------------------------------------------------

What's Related http://secunia.com/advi... https://ca.secunia.com/... http://secunia.com/advi... http://www.novell.com/s... http://secunia.com/prod... http://secunia.com/prod... http://secunia.com/prod... http://secunia.com/prod... http://secunia.com/prod... http://secunia.com/advi... http://secunia.com/advi... More by kkbass More from Security

Story Options Mail Story to a Friend Printable Story Format

Trackback

Trackback URL for this entry: http://www.abend.org/trackback.php/20100831102559815

Red Hat Now Worth Almost 3.5 Times What Novell is Worth | Techrights
Tracked on Thursday, September 02 2010 @ 02:43 AM CDT

[SA41194] Novell Identity Manager Tree Credentials Information Disclosure | 0 comments | Create New Account

Newest First Oldest First Flat Nested No Comments Threaded

The following comments are owned by whomever posted them. This site is not responsible for what they say.