Novell is now a part of Micro Focus

My Favorites

Close

Please to see your favorites.

Novell Administration Console Arbitrary File Upload Vulnerability (CVE-2010-0284)

This document (7006255) is provided subject to the disclaimer at the end of this document.

Environment

Novell Access Manager 3.1 Administration Console on Windows
Novell Access Manager 3.1 Support Pack 1 applied

Situation

Using external scripts, it is possible to upload files to the Admin Console on Windows without requiring authentication. The issue is not visible on the Linux Admin Console platforms, and occurs because of the way the iManager server handles the path seperators on Windows. 

Resolution

Update to Access Manager 3.1 Support Pack 2 (build 3.1.2-281 or greater).

Additional Information

This vulnerability allows remote attackers to upload arbitrary files on
vulnerable installations of Novell Access Manager. Authentication is not
required to exploit this vulnerability.

The specific flaw exists within the PortalModuleInstallManager component
of the Novell Access Management Console which exists within the servlet located
within nps.jar. Due to a failure to sanitize '../' directory traversal
modifiers from a parameter an attacker can specify any filename to
upload arbitrary contents into. Successful exploitation can result in
code execution under the context of the service.



-- CREDIT --------------------------------------------------------------

This was reported as ZDI-CAN-635 by TippingPoint Corporation. The vulnerability was discovered by:
* Stephen Fewer of Harmony Security (www.harmonysecurity.com)

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7006255
  • Creation Date:10-JUN-10
  • Modified Date:26-APR-12
    • NetIQAccess Manager (NAM)

Did this document solve your problem? Provide Feedback