Novell Patches Vulnerability in eDirectory Product

Novell has fixed a vulnerability in its eDirectory service that could affect users who run the program on some Linux and WIndows platforms. The problem, a stack buffer overflow (CVE-2012-0432) is remotely exploitable and can be done without authentication, according to an alert issued yesterday by David Klein on the Full Disclosure mailing lists.

Information Disclosure Zero-Day Discovered in Novell ZENworks

A zero-day vulnerability in Novell ZENworks Asset Management Software 7.5 gives access to any files with system privileges and could also allow an attacker to grab configuration parameters, including the backend credentials in clear text, according to Rapid7 exploit developer Juan Vazquez who discovered the vulnerability and wrote an exploit module for Metasploit

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.