Arbitrary Command Execution via eDirectory POSIX Attribute Changes in Novell Identity Manager 4.0.2

Arbitrary Command Execution via eDirectory POSIX Attribute Changes in Novell Identity Manager 4.0.2

CVE-2014-4509 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters.

Learn more about our User Device Pen Test.