Avotus CDR mm Arbitrary File Retrieval

(C) 2003-2011 Anonymous

Synopsis :

Arbitrary files may be read on the remote host.

Description :

The script attempts to force the remote Avotus CDR mm service to include
the file /etc/passwd accross the network.

Solution :

The vendor has provided a fix for this issue to all customers.
The fix will be included in future shipments and future versions of the
If an Avotus customer has any questions about this problem, they should
contact support@avotus.com.

Risk factor :


Family: Misc.

Nessus Plugin ID: 11948 (avotus_mm.nasl)

Bugtraq ID: