NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability

  • 7015183
  • 12-Jun-2014
  • 03-Jul-2014

Environment

Sentinel Agent Manager

Situation

A vulnerability exists in Sentinel Agent Manager due to improper bounds checking on method input. The vulnerability could allow a malicious web site or e-mail message to cause systems hosting Sentinel Agent Manager components to crash, or to run arbitrary code within the privilege context of the browser or e-mail client.

For more details see the following URL:
http://zerodayinitiative.com/advisories/ZDI-14-134/

Resolution

Starting with Sentinel Agent Manager 7.2, Agent Manager disables the vulnerable method.
The latest Sentinel Agent Manager can be found with the latest Sentinel 7 patch at NetIQ Patch Finder.

NetIQ typically recommends that all Sentinel software components be updated to the same version, but if necessary, customers can temporarily run Sentinel Agent Manager 7.2 (including this fix) with Sentinel 7.1.x.

Cause

Sentinel Agent Manager prior to SAM 7.2 used the NQMcsVarSet ActiveX Control.

Additional Information

CVE-2014-3460, reported by Andrea Micalizzi (rgod) working with HP's Zero Day Initiative (ZDI).