OS command injection in Filr admin (CVE-2016-1608)

  • 7017789
  • 29-Jun-2016
  • 22-Jul-2016


Novell Filr 2.0
Novell Filr 1.2


A vulnerability in the Novell Filr admin may allow a remote attacker authenticated as an admin to execute arbitrary OS commands on the Filr server as the root user. Note that when used in conjunction with  CVE-2016-1607 (TID 7017786), that a remote attacker may be able to perform this attack without authentication by targeting a Filr admin user.


A fix for this issue is available in the Filr 2.0 Security Update 2 and Filr 1.2 Security Update 3, available via the Novell Patch Finder.

Special thanks to Wolfgang Ettlinger working with SEC Consult Vulnerability Lab for reporting this vulnerability to Micro Focus.