Novell File Reporter 1.0.2 allows remote unauthenticated file transfer

This document (7011962) is provided subject to the disclaimer at the end of this document.

Environment

Novell File Reporter

Novell File Reporter 1.0.1

Novell File Reporter 1.0.2

Situation

Novell File Reporter Agent (NFRAgent.exe) may overflow a buffer when it copies user-controlled data without bounds checking. Results are unpredictable and may include execution of malicious code.

Novell File Reporter Agent (NFRAgent.exe) allows a remote unauthenticated user to retrieve arbitrary remote files.

Novell File Reporter Agent (NFRAgent.exe) allows a remote unauthenticated user to upload files to the host.

Resolution

Find the fix on Novell’s patch finder site.  Select File Reporter and click Search.  Download and install the 14 Dec 2012 Novell File Reporter Agent Vulnerability Patch 1.0.

Cause

Failure to perform bounds checking in every circumstance

Failure to detect and control directory traversal characters in a file path

Failure to confirm an authenticated connection for each request received by the agent

Additional Information

The four vulnerabilities presented have been found in the same component, NFRAgent.exe, which communicates with the Agent component over HTTPS on TCP port 3037:

  • CVE-2012-4956 - Heap Overflow: When handling requests of name “SRS”, NFRAgent.exe fails to generate a response in a secure way, copying user-controlled data into a fixed-length heap buffer without bounds checking. This vulnerability can result in remote code execution in the context of the SYSTEM account.
  • CVE-2012-4957 - Arbitrary File Retrieval: When handling requests on “/FSF/CMD” for records with NAME “SRS”, OPERATION “4” and CMD “103”, NFRAgent.exe allows a remote unauthenticated user to retrieve arbitrary remote files, specified with the tag “PATH”, with SYSTEM privileges.
  • CVE-2012-4958 - Arbitrary File Retrieval: When handling requests on “/FSF/CMD” for records with NAME “FSFUI” and UICMD “126”, NFRAgent.exe allows a remote unauthenticated user to retrieve arbitrary remote text files, specified with the tag “FILE”, with SYSTEM privileges.
  • CVE-2012-4959 - Arbitrary File Upload: When handling requests on “/FSF/CMD” for records with NAME “FSFUI” and UICMD “130”, NFRAgent.exe allows a remote unauthenticated user to upload files to the host, specified with the tag “FILE”, with SYSTEM privileges. This allows remote code execution with SYSTEM privileges.
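
To triage agents that have not yet been patched, the record fields listed above can be matched in request logs. The following is an added example, not Novell's code: it assumes a TLS-terminating proxy or similar sensor that logs each request as key="value" pairs, and the log format, function names and sample lines are all constructed for illustration.

```python
import re

# Field values and file-carrying tag for each request type, as listed in the
# advisory. CVE-2012-4956 is omitted: the advisory names no field or length.
SIGNATURES = [
    ("CVE-2012-4957", {"NAME": "SRS", "OPERATION": "4", "CMD": "103"}, "PATH"),
    ("CVE-2012-4958", {"NAME": "FSFUI", "UICMD": "126"}, "FILE"),
    ("CVE-2012-4959", {"NAME": "FSFUI", "UICMD": "130"}, "FILE"),
]

# Assumed log format (constructed for this example): key="value" pairs.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Turn one key="value" log line into a dict with upper-case keys."""
    return {key.upper(): value for key, value in FIELD_RE.findall(line)}

def has_traversal(path):
    """True if any segment is '..' once both separator styles are split."""
    return ".." in re.split(r"[\\/]+", path)

def classify(line):
    """Return (cve, requested_file, traversal) for each signature a line matches."""
    rec = parse_line(line)
    if rec.get("URI", "").rstrip("/").upper() != "/FSF/CMD":
        return []
    findings = []
    for cve, required, file_tag in SIGNATURES:
        if all(rec.get(k) == v for k, v in required.items()):
            requested = rec.get(file_tag, "")
            findings.append((cve, requested, has_traversal(requested)))
    return findings

# Constructed sample lines; addresses and file names are placeholders.
SAMPLE_LOG = [
    r'src="192.0.2.10" uri="/FSF/CMD" NAME="SRS" OPERATION="4" CMD="103" PATH="..\..\example.txt"',
    'src="192.0.2.10" uri="/FSF/CMD" NAME="FSFUI" UICMD="126" FILE="report.txt"',
    'src="192.0.2.11" uri="/FSF/CMD" NAME="FSFUI" UICMD="130" FILE="../../example.bin"',
    'src="192.0.2.12" uri="/status" NAME="FSFUI" UICMD="130" FILE="x"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for cve, requested, traversal in classify(line):
            print(f"{cve} file={requested!r} traversal={traversal}")
```

Because the agent does not confirm authentication for these requests, a match against an unpatched agent merits review whether or not the traversal flag is set.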

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7011962
  • Creation Date: 15-MAR-13
  • Modified Date: 15-MAR-13
    • Novell File Reporter
