Environment
Novell ZENworks Configuration Management 11.2
Situation
A vulnerability has been identified with ZCM.
First, the relative path passed into the function is appended to the base path. That base path contains both 'preboot' and 'update', meaning that the additional checks can never fail. Second, there is no guard against path traversal using '..' in the path. Together, these issues mean that arbitrary file download is possible without credentials.
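The two flaws described above, modelled in Python beside a corrected check. This is an added example, not ZENworks code; the base directory, function names and sample paths are constructed for illustration.

```python
import posixpath

# Constructed base directory (assumption): the advisory only states that the
# base path contains both 'preboot' and 'update'.
BASE = "/srv/example-zcm/preboot/update"


def flawed_resolve(rel_path):
    """Model of the flaw: append to the base, then substring-check the result."""
    full = BASE + "/" + rel_path
    # Both keywords are supplied by BASE itself, so this test can never fail.
    if "preboot" not in full or "update" not in full:
        raise PermissionError("path rejected")
    # Nothing stops '..' segments from climbing out of BASE.
    return posixpath.normpath(full)


def hardened_resolve(rel_path):
    """Validate the normalized result instead of the raw string."""
    # Reject absolute paths, NUL bytes and backslashes (a separator on Windows).
    if posixpath.isabs(rel_path) or "\x00" in rel_path or "\\" in rel_path:
        raise PermissionError("path rejected")
    full = posixpath.normpath(posixpath.join(BASE, rel_path))
    # Component-wise containment check, so a sibling such as 'update-evil'
    # does not pass the way a plain startswith() comparison would allow.
    # A real server should also resolve symlinks (os.path.realpath) first.
    if posixpath.commonpath([BASE, full]) != BASE:
        raise PermissionError("path escapes base directory")
    return full


def is_rejected(resolver, rel_path):
    """Return True when the resolver refuses the requested path."""
    try:
        resolver(rel_path)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    # Constructed sample requests.
    for sample in ["images/boot.img", "../../../../other/secret.conf", "../update-evil/x"]:
        print(sample, "| flawed ->", flawed_resolve(sample),
              "| hardened rejects:", is_rejected(hardened_resolve, sample))
```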
Resolution
This is fixed in version 11.3 - see KB 7014213 "ZENworks Configuration
Management 11.3 - update information and list of fixes" which can be
found at https://support.microfocus.com/kb/doc.php?id=7014213
Direct Download:
https://download.novell.com/Download?buildid=PHxec-QSMPQ~
Status
Security Alert
Additional Information
This vulnerability has been assigned the identifier CVE-2013-3706 by the CVE database.
This vulnerability was discovered by Mak Kolybabi and provided by HP's Zero Day Initiative.