Novell has acknowledged a vulnerability in Novell Access Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).
Novell Access Manager 3.1 Linux Access Gateway
Novell Access Manager 3.1 Access Administration
Novell Access Manager 3.1 SSLVPN Server
Novell Access Manager 3.1 Windows Novell Identity Server
Novell Access Manager 3.1 Linux Novell Identity Server
Novell Access Manager 3.1 Java Agents
Novell Access Manager Java Double Literal Denial of Service Vulnerability.
The Double.parseDouble method in Java Runtime Environment in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in Novell Access Manager, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Novell Access Manager ships with these vulnerable JRE versions and is therefore prone to attacks.
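The following is an added example, not part of the original bulletin or of any Novell or Oracle code: a detection sketch that scans request log lines for numeric literals equal or close to the value the advisory names, whatever notation they are written in. The log lines are constructed, the function names are hypothetical, and the band limits (the neighbouring double values on either side of the advisory's literal, to 17 digits) are an assumption of this example rather than a bound stated in the advisory.

```python
import re
from decimal import Decimal, InvalidOperation
from urllib.parse import unquote

# Assumed band: largest subnormal double .. smallest normal double.
# The advisory's literal 2.2250738585072012e-308 lies between them.
BAND_LOW = Decimal("2.2250738585072009e-308")
BAND_HIGH = Decimal("2.2250738585072014e-308")

# Decimal literal with optional sign, fraction and exponent.
NUMERIC = re.compile(r"[+-]?(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?")


def is_suspect(token):
    """True if the literal's exact decimal value falls inside the band."""
    try:
        # copy_abs() is exact; abs() would round to the context precision.
        value = Decimal(token).copy_abs()
    except InvalidOperation:
        return False  # over-long or out-of-range literal, not our target
    return BAND_LOW <= value <= BAND_HIGH


def scan(lines):
    """Return (line_number, literal) for every suspect literal found."""
    hits = []
    for number, line in enumerate(lines, 1):
        decoded = unquote(line)  # catch percent-encoded digits and dots
        for match in NUMERIC.finditer(decoded):
            if is_suspect(match.group()):
                hits.append((number, match.group()))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    "GET /app?amount=19.99 HTTP/1.1",
    "GET /app?amount=2.2250738585072012e-308 HTTP/1.1",
    "GET /app?amount=0.00022250738585072012e-304 HTTP/1.1",
    "GET /app?amount=2%2E2250738585072012E-308 HTTP/1.1",
    "GET /app?amount=2.2250738585072012e-307 HTTP/1.1",
]

if __name__ == "__main__":
    for number, literal in scan(SAMPLE_LOG):
        print(f"line {number}: suspect literal {literal}")
```

Comparing exact decimal values rather than matching the literal string is what lets the scan catch shifted-exponent and percent-encoded spellings of the same number.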
Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
A remote user may be able to: 1. Manipulate data 2. Expose sensitive information 3. Cause a DoS 4. Gain system access
Apply a workaround (please see the vendor's advisory for details). A fix is scheduled to be released in the 3.1.3 IR1 patch. Download the FPUpdater tool.
Download and copy to the fpupdater.jar file.
Related References: DOE-CIRC Tech Bulletin T-558