Novell File Reporter Agent Vulnerability Patch 1.0

This document (5154353) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

This patch does not supersede any other patches.

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Architecture: x86-64
Security patch: Yes
Priority: Mandatory
Distribution Type: Public

document

Revision: 1
Document ID: 5154353
Creation Date: 2012-12-11 13:27:18

abstract

Description: The version of Novell File Reporter Agent running on the remote host has an arbitrary file download vulnerability. Making a specially crafted POST request to /FSF/CMD for records with a name of FSFUI and UICMD of 126 could result in arbitrary files being downloaded. A remote, unauthenticated attacker could exploit this to download arbitrary files as root (against Linux targets) or SYSTEM (against Windows targets).

details

System Requirements:

Installation:

rpm -Uvh

Uninstalling:

Known Problems and Limitations:

Technical Support Information:

security fixes

CVE-2012-4956 - Heap Overflow
When handling requests with NAME "SRS", NFRAgent.exe fails to generate the response safely: it copies user-controlled data into a fixed-length heap buffer without bounds checking. This vulnerability can result in remote code execution in the context of the SYSTEM account.

CVE-2012-4957 - Arbitrary File Retrieval
When handling requests on "/FSF/CMD" for records with NAME "SRS", OPERATION "4" and CMD "103", NFRAgent.exe allows a remote unauthenticated user to retrieve arbitrary files from the host, specified with the tag "PATH", with SYSTEM privileges.

CVE-2012-4958 - Arbitrary File Retrieval
When handling requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "126", NFRAgent.exe allows a remote unauthenticated user to retrieve arbitrary text files from the host, specified with the tag "FILE", with SYSTEM privileges.

CVE-2012-4959 - Arbitrary File Upload
When handling requests on "/FSF/CMD" for records with NAME "FSFUI" and UICMD "130", NFRAgent.exe allows a remote unauthenticated user to upload files to the host, at a location specified with the tag "FILE", with SYSTEM privileges. This can be leveraged to execute code with SYSTEM privileges.

file contents

Files Included                 Size                 Date
NFR 1.0 Security Patch.zip     4.2 MB (4420808)     2012-12-11 12:54:49
readme_5154353.html            N/A                  2012-12-11 13:27:19

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.