Check Point Advisories

Novell ZENworks Handheld Management Upload Directory Traversal

Check Point Reference:	CPAI-2011-126
Date Published:	5 Jan 2012
Severity:	Critical
Last Updated:	Saturday 01 January, 2011
Source:
Protection Provided by:
Who is Vulnerable?	Novell ZENworks Handheld Management 7.0.2.61213 and prior
Vulnerability Description	A directory traversal vulnerability has been reported in Novell ZENworks Handheld Management.
Vulnerability Details	The vulnerability is due to insufficient sanitization while handling malformed incoming messages. A remote attacker may leverage this flaw by sending a specially crafted request to an affected server. Successful exploitation would allow an attacker to create files in an arbitrary location on the target server, possibly resulting in full system compromise of a target system.