TITLE:
Novell iChain Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA10022

VERIFY ADVISORY:
http://www.secunia.com/advisories/10022/

CRITICAL:
Highly critical

IMPACT:
Hijacking, DoS, System access

WHERE:
From remote

SOFTWARE:
Novell iChain 2.x

DESCRIPTION:
Novell has issued a support pack for iChain. It fixes the following
vulnerabilities, which can be exploited by malicious people to hijack
another user's session, cause a DoS (Denial of Service), and
potentially compromise a system.

1) A user can hijack another user's session if the new user's session
is opened on the same port.

2) The server can be crashed by using WGET.

3) iChain is affected by the OpenSSL vulnerabilities in the ASN.1
parsing.

For more information:
SA9886

SOLUTION:
Apply iChain 2.2 Support Pack 2 beta:
http://support.novell.com/servlet/filedownload/sec/ftf/b1ic22sp2.exe

ORIGINAL ADVISORY:
iChain 2.2 Support Pack 2 beta - TID2967175:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2967175.htm

OTHER REFERENCES:
SA9886:
http://www.secunia.com/advisories/9886/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web	: http://www.secunia.com/
E-mail	: support@secunia.com
Tel	: +45 7020 5144
Fax	: +45 7020 5145

----------------------------------------------------------------------
