Novell File Reporter Engine "RECORD" tag Remote Code Execution Vulnerability

Release date:
Updated on:

Affected Systems:
Novell File Reporter 1.0.2
Novell File Reporter 1.0.1
Novell File Management Suite 2.2
Novell File Management Suite 2.1
Novell File Management Suite 2
Novell File Management Suite 1.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 48470
Cve id: CVE-2011-2220

The Novell File Reporter Engine is a mechanism for running the Novell File Reporter.

The Novell File Reporter Engine has a remote code execution vulnerability in the processing of RECORD tags. Remote attackers can exploit this vulnerability to execute arbitrary code with higher permissions, and completely control the affected computers or cause DOS.

This vulnerability is located in nfrengine.exe that communicates with the agentgroup via httpsand the tcpport 3035. When parsing tags in the <RECORD> element, the application does not check the size before passing the string to memcpy. Attackers can exploit this vulnerability to destroy the thread stack.

<* Source: gwslabs.com

Link: http://www.zerodayinitiative.com/advisories/ZDI-11-227/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://support.novell.com/security-alerts