ZCM PreBoot Service Information Disclosure Vulnerability - CVE-2013-3706

  • 7014663
  • 28-Feb-2014
  • 10-Mar-2014

Environment

Novell ZENworks Configuration Management 11.2

Situation

A vulnerability has been identified in the ZCM PreBoot service. The service hands out files to clients by taking a client-supplied relative path, appending it to a fixed base directory, and then checking that the resulting path contains the strings 'preboot' and 'update'. Two defects combine here. First, the base directory itself already contains both 'preboot' and 'update', so the check passes for every possible input and can never fail. Second, nothing rejects '..' components in the relative path, so a client can walk out of the intended directory. Together, these issues allow an unauthenticated client to download arbitrary files that the service process can read.
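The two defects side by side, as an added illustration that is not ZENworks code: flawed_resolve reproduces the pattern the advisory describes (append, then substring-check for words the base path already contains), and hardened_resolve shows the confinement check that should have been there. BASE_DIR, the function names and the sample relative paths are hypothetical.

```python
"""Flawed vs. hardened confinement of a client-supplied relative path.

Added example for this advisory; not code from the ZCM PreBoot service.
BASE_DIR and all function names are hypothetical.
"""
import os
import posixpath

# Hypothetical base directory. What matters for the bug is that it already
# contains the substrings the later check looks for.
BASE_DIR = "/var/opt/novell/zenworks/preboot/update"


def flawed_resolve(relative: str, base: str = BASE_DIR) -> str:
    """The pattern the advisory describes: append the relative path, then test
    the joined string for 'preboot' and 'update'. Because the base already
    contains both words, the test passes for every input, and '..' is never
    rejected, so the returned path can point anywhere on the filesystem."""
    joined = base + "/" + relative
    if "preboot" not in joined or "update" not in joined:
        raise PermissionError("outside preboot/update tree")  # unreachable
    return joined


def traversal_escapes(relative: str, base: str = BASE_DIR) -> bool:
    """True if the flawed logic hands back a path outside base (lexically)."""
    joined = posixpath.normpath(flawed_resolve(relative, base))
    return not (joined == base or joined.startswith(base + "/"))


def hardened_resolve(relative: str, base: str = BASE_DIR):
    """Return the canonical path if it lies inside base, otherwise None.

    Order matters: reject NUL bytes, backslashes and absolute paths first,
    normalise lexically ('..', '.', doubled slashes), then resolve symlinks
    with realpath and check the result is still under the resolved base.
    """
    if "\x00" in relative or "\\" in relative or relative.startswith("/"):
        return None
    norm = posixpath.normpath(relative)
    if norm == ".." or norm.startswith("../"):
        return None
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, norm))
    # commonpath is a component-wise prefix test, so '/base-evil/x' does not
    # match '/base' the way a plain str.startswith('/base') would.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    probe = "../../../../../../../etc/passwd"  # constructed traversal input
    print("flawed   :", flawed_resolve(probe), "escapes:", traversal_escapes(probe))
    print("hardened :", hardened_resolve(probe))
    print("hardened :", hardened_resolve("images/./boot.img"))
```

The substring test is the kind of check that looks like a directory restriction in a code review but is satisfied by the base path alone; the hardened version works on the canonical absolute path after normalisation and symlink resolution, which is the only point at which a prefix comparison against the base directory means anything.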

Resolution

This is fixed in version 11.3 - see KB 7014213 "ZENworks Configuration Management 11.3 - update information and list of fixes", which can be found at https://support.microfocus.com/kb/doc.php?id=7014213
Direct Download:
https://download.novell.com/Download?buildid=PHxec-QSMPQ~

Status

Security Alert

Additional Information

This vulnerability has been assigned the identifier CVE-2013-3706 in the CVE database.
This vulnerability was discovered by Mak Kolybabi and reported through HP's Zero Day Initiative.