CVE-2010-1929

Novell iManager <=2.7.3 FTF2 - Authenticated RCE via EnteredClassID/NewClassName

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1929. PoCs published by Core Security Technologies.

AI-analyzed exploit summary The provided code is a proof-of-concept for CVE-2010-1930, an off-by-one error in Novell iManager's login process. It demonstrates a DoS attack by sending a maliciously crafted POST request with a 256-character 'TREE' field, causing the server to crash.

Description

Multiple stack-based buffer overflows in the jclient._Java_novell_jclient_JClient_defineClass@20 function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security Technologies · textdosnovell

https://www.exploit-db.com/exploits/14010

View Code ZIP pw:eip

The provided code is a proof-of-concept for CVE-2010-1930, an off-by-one error in Novell iManager's login process. It demonstrates a DoS attack by sending a maliciously crafted POST request with a 256-character 'TREE' field, causing the server to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Novell iManager 2.7, 2.7.3, 2.7.3 FTF2

No auth needed

Prerequisites: Network access to the target Novell iManager instance

MITRE ATT&CK