[原文]ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
Novell iChain contains a flaw that may allow a malicious user to bypass the ACLCHECK mechanism. The issue is triggered when the user sends specially crafted UTF-8 encodings with escape sequences. It is possible that the flaw may allow the malicious user to bypass ACL restrictions resulting in a loss of confidentiality. No further details have been provided.
Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.