Novell ZENworks umaninv Information Disclosure Vulnerability - CVE-2013-1084

  • 7012760
  • 02-Jul-2013
  • 16-Jan-2014

Environment

Novell ZENworks Configuration Management 11.2.3

Situation

Directory traversal vulnerability when passing in parameters with GetFle Method within the umaninv service

Resolution

This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7012027

A change was added to block access to files using a relative path in the URL.

Cause

Files on the server could be accessed by giving the relative path in the URL.

For Example: By issuing the request: http://164.99.98.124/zenworks-unmaninv/?action=GetFile&Filename=../../catalog.ini&Type=4&Platform=11&Lang=0 the catalog.ini file could be downloaded.

Status

Security Alert

Additional Information

This vulnerability was discovered by: Brett Gervasoni and made available to Novell through Tipping Point

Identifiers:
ZDI-CAN-1790
CVE-2013-1084

List of binaries modified zenworks-unmaninv.war