Environment
Novell ZENworks Configuration Management 11.2.3
Situation
Directory traversal vulnerability when passing parameters to the GetFile method within the unmaninv service
Resolution
This is fixed in version 11.2.4 - see KB 7012027 "ZENworks Configuration Management 11.2.4 - update information and list of fixes", which can be found at https://support.microfocus.com/kb/doc.php?id=7012027
A change was added to block access to files using a relative path in the URL.
Cause
Files on the server could be accessed by giving the relative path in the URL.
For example, by issuing the request http://164.99.98.124/zenworks-unmaninv/?action=GetFile&Filename=../../catalog.ini&Type=4&Platform=11&Lang=0 the catalog.ini file could be downloaded.
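As an added illustration (not Novell's code) of the check the Resolution describes, the Python below takes the Filename parameter from a GetFile request, shows how a naive join walks out of the serving directory, and resolves the name safely by refusing anything that does not stay inside that directory. The base directory, the function names and the second host name are assumptions; the first request URL is the one quoted above.

```python
import posixpath
from urllib.parse import urlparse, parse_qs

# Hypothetical directory the GetFile action is meant to serve from
# (assumed path, not the real ZENworks layout).
BASE_DIR = "/var/opt/novell/zenworks/unmaninv/files"


def filename_from_url(url):
    """Return the Filename query parameter of a GetFile request, or None.
    parse_qs percent-decodes, so '..%2F' arrives here as '../'."""
    qs = parse_qs(urlparse(url).query)
    if qs.get("action") != ["GetFile"]:
        return None
    return qs.get("Filename", [None])[0]


def naive_target(base_dir, filename):
    """Pre-fix behaviour: join the parameter onto the base directory and
    normalise. Each '../' segment climbs one level above base_dir."""
    return posixpath.normpath(posixpath.join(base_dir, filename))


def safe_target(base_dir, filename):
    """Hardened resolution: reject relative-path escapes and absolute paths,
    then confirm the normalised result still lies under base_dir.
    Returns the resolved path, or None when the request must be refused."""
    if not filename or "\x00" in filename:
        return None
    # Treat backslashes as separators too, so '..\\..\\x' is caught.
    segments = filename.replace("\\", "/").split("/")
    if filename.startswith(("/", "\\")) or ".." in segments:
        return None
    resolved = posixpath.normpath(posixpath.join(base_dir, filename))
    root = base_dir.rstrip("/") + "/"
    # Belt and braces: even after the segment check, verify containment.
    if not resolved.startswith(root):
        return None
    return resolved
```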
Status
Security Alert
Additional Information
This vulnerability was discovered by Brett Gervasoni and made available to Novell through TippingPoint.
Identifiers:
ZDI-CAN-1790
CVE-2013-1084
List of binaries modified: zenworks-unmaninv.war