CVE-2014-4509

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://download.novell.com/Download?buildid=5XLmBl54_Rg~	Patch
http://www.securityfocus.com/bid/68139	Third Party Advisory VDB Entry
http://download.novell.com/Download?buildid=5XLmBl54_Rg~	Patch
http://www.securityfocus.com/bid/68139	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://download.novell.com/Download?buildid=5XLmBl54_Rg~ - Patch~~	() http://download.novell.com/Download?buildid=5XLmBl54_Rg~ - Patch
References	~~() http://www.securityfocus.com/bid/68139 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/68139 - Third Party Advisory, VDB Entry

Information

Published : 2014-06-21 15:55

Updated : 2024-11-21 02:10

NVD link : CVE-2014-4509

Mitre link : CVE-2014-4509

CVE.ORG link : CVE-2014-4509

JSON object : View

Products Affected

netiq

identity_manager

CWE

NVD-CWE-Other

{"id": "CVE-2014-4509", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-06-21T15:55:05.417", "references": [{"url": "http://download.novell.com/Download?buildid=5XLmBl54_Rg~", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/68139", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://download.novell.com/Download?buildid=5XLmBl54_Rg~", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68139", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters."}, {"lang": "es", "value": "La funci\u00f3n MKDQUOTESAFE en la secuencias de comandos del controlador Fan-out en Fan-Out Platform Services en Novell Identity Manager (tambi\u00e9n conocido como IDM) 4.0.2 permite a usuarios locales ejecutar comandos arbitrarios mediante el aprovechamiento de cambios de atributos de eDirectory POSIX para insertar metacaracteres de shell."}], "lastModified": "2024-11-21T02:10:19.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netiq:identity_manager:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0416C5D1-8958-4DE6-8C25-7DAEB3502604"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "sourceIdentifier": "cve@mitre.org"}