Avotus CDR mm Arbitrary File Retrieval

(C) 2003-2011 Anonymous


Synopsis :

Arbitrary files may be read on the remote host.

Description :

The script attempts to force the remote Avotus CDR mm service to include
the file /etc/passwd accross the network.

Solution :

The vendor has provided a fix for this issue to all customers.
The fix will be included in future shipments and future versions of the
product.
If an Avotus customer has any questions about this problem, they should
contact support@avotus.com.

Risk factor :

High

Family: Misc.

Nessus Plugin ID: 11948 (avotus_mm.nasl)

Bugtraq ID:

CVE ID: