Novell Privileged User Manager Library Injection Arbitrary Code Execution (credentialed check)
Critical Nessus Plugin ID 40852
SynopsisArbitrary code can be executed on the remote host.
DescriptionThe version of the Novell Privileged User Manager Daemon running on the remote host contains a vulnerability that allows execution of arbitrary code.
Using a specially crafted 'spf' RPC call, an unauthenticated remote attacker can load arbitrary modules over the network and hence execute arbitrary code with the privileges of the daemon itself.
SolutionInstall Novell Privileged User Manager Framework Patch version 2.2.0 (Rev. 15198).