In association with heise online

05 March 2007, 12:05

Vulnerability in Novell's SSL-VPN solution

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell has released an update for its Novell Access Manager SSL-VPN solution, which prevents users from being able to circumvent security policies to obtain access to arbitrary network resources. The source of the problem lies in the actX.ocx Active X control, which creates a file policy.txt during installation. This file specifies security policies. According to the bug report, the control sets the wrong privileges for the file, so that non-privileged users have access to and can modify this file. Novell Access Manager Version 3.0 IR1 is affected. An updated control in which the bug has been fixed is available.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit