Check Point Advisories

Update Protection against Novell iManager getMultiPartParameters Unauthorized File Upload

Check Point Reference: CPAI-2011-107
Date Published: 18 Feb 2011
Severity: Critical
Last Updated: Saturday 01 January, 2011
Source: Secunia Advisory SA41687
Protection Provided by:
Who is Vulnerable? Novell iManager 2.7.3.2 and prior
Vulnerability Description A vulnerability was reported in Novell iManager, a web-based administration console that provides management of many other Novell products. The vulnerability is due to insufficient validation of the getMultiPartParametersfunction. A remote attacker could leverage this vulnerability to upload arbitrary content to arbitrary files on the target system.
Update/Patch AvaliableNovell has released an advisory to address this issue.
Vulnerability DetailsThe vulnerability is due to insufficient validation of user input within the getMultiPartParameters function. Since Novell iManager (via the Tomcat servlet container) runs as the SYSTEM user on Windows, successful exploitation would allow the upload of arbitrary files to any directory on a target system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK