Novell Identity Manager - Arbitrary Command Execution

Author: anonymous
type: local
platform: novell
port: 
date_added: 2006-08-18 
date_updated: 2013-09-21 
verified: 1 
codes: CVE-2006-4310;OSVDB-30759 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/19688/info

Novell Identity Manager is prone to an arbitrary command-execution vulnerability.

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges. Exploiting this issue allows attackers to completely compromise affected computers.

CMD="usermod -c $gecos"