CVE-2011-2654 Information

Description

The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partially initialized session.

Reference

http://download.novell.com/Download?buildid=NSONlV5PqMo~ http://secunia.com/advisories/45845 http://www.securityfocus.com/bid/49432 http://www.securitytracker.com/id?1026006 http://zerodayinitiative.com/advisories/ZDI-11-278/