SAINT Corporation, SAINT:6432A19B890701621CA28D3F9DFF715D
Oct 09, 2012 - 12:00 a.m.

Novell ZENworks Asset Management rtrlet File Upload Traversal

2012-10-09 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.941 High
Percentile: 99.2%

Added: 10/09/2012
CVE: CVE-2011-2653
BID: 50966
OSVDB: 77583

Background

Novell ZENworks is a resource management solution consisting of a management server and management agents.

Problem

The Asset Management module (ZAM) of ZENworks version 7.5 fails to validate the names of files uploaded via POST requests to the /rtrlet/ resource. An attacker may exploit this behavior to upload an executable Java file with a name that traverses the directory structure, so that the uploaded file is executed by the server.

Resolution

Apply the vendor supplied patch.

References

<http://www.zerodayinitiative.com/advisories/ZDI-11-342/>

Limitations

This exploit has been tested against Novell ZENworks Asset Management 7.5 on Windows Server 2003 SP2 English (DEP OptOut) and Windows Server 2008 SP2 English (DEP OptOut). The exploit may not execute immediately. It may take 15 seconds or more before the payload is executed. This exploit creates a remote shell web application named ‘exploit’ on the webserver. This application remains after the connection is closed and must be manually removed.
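
A log check for the behavior described under Problem and Limitations, added here as an example (not SAINT's or Novell's code): it correlates a POST to /rtrlet/ with a later request to the leftover 'exploit' application from the same source. The Common Log Format input, the /exploit context path and the 10-minute window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+')

UPLOAD_PREFIX = "/rtrlet/"       # resource named in the advisory
LEFTOVER_APP = "/exploit"        # ASSUMED context path of the leftover 'exploit' app
WINDOW = timedelta(minutes=10)   # ASSUMED correlation window

def parse(line):
    """Return (source, timestamp, method, lowercased path) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["src"], ts, m["method"], m["path"].split("?")[0].lower()

def find_suspect_uploads(lines, window=WINDOW):
    """Flag requests to the leftover app that follow a POST to /rtrlet/
    from the same source within `window`."""
    last_upload, findings = {}, []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip truncated or non-CLF lines
        src, ts, method, path = rec
        if method == "POST" and path.startswith(UPLOAD_PREFIX):
            last_upload[src] = ts
        elif path == LEFTOVER_APP or path.startswith(LEFTOVER_APP + "/"):
            up = last_upload.get(src)
            if up is not None and timedelta(0) <= ts - up <= window:
                findings.append((src, up, ts, path))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Oct/2012:10:00:00 +0000] "POST /rtrlet/ HTTP/1.1" 200 12',
    '198.51.100.7 - - [09/Oct/2012:10:01:00 +0000] "POST /rtrlet/ HTTP/1.1" 200 12',
    '192.0.2.10 - - [09/Oct/2012:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Oct/2012:10:01:20 +0000] "GET /exploit/ HTTP/1.1" 200 64',
    'truncated line that does not parse',
]

if __name__ == "__main__":
    for src, up, hit, path in find_suspect_uploads(SAMPLE_LOG):
        print(f"{src}: POST {UPLOAD_PREFIX} at {up}, then {path} {hit - up} later")
```

A POST to /rtrlet/ on its own is not treated as a finding; only the pairing with a request to the leftover application is reported.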

Platforms

Windows
