The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."
http://www.vupen.com/english/advisories/2006/3607
http://www.securityfocus.com/bid/20016
http://securitytracker.com/id?1016853
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974421.htm
http://secunia.com/advisories/21888
Source: Mitre, NVD
Published: 2006-09-14
Updated: 2026-06-16
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.00093