Imaging Security "Only allow uploads to the following directories" can be bypassed

  • 3563780
  • 28-Feb-2007
  • 30-Apr-2012

Environment

Novell ZENworks 7 Desktop Management on Linux Support Pack 1 - ZDML7 SP1 Imaging
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Imaging

Situation

Imaging"Only allow uploads to the following directories" can be bypassed
From a bash prompt an end user may have the ability to upload an image to a folder above or below the folder specified in the "Only allow uploads to the following directories" Imaging Sever Policy, Security Upload Restriction.

Resolution

Fixed in ZENworks 7 Desktop Management Service Pack 1 Interim Release 3a, available at Novell Downloads

Status

Security Alert

Additional Information

Reported by Jelmer Graafstra