Novell PlateSpin Orchestrate Remote Code Execution

critical Nessus Plugin ID 50023

Synopsis

Arbitrary code may be run on the remote host.

Description

Novell PlateSpin Orchestrate is installed on the remote host.

According to its version, this software does not properly sanitize user data before calling a graph rendering module. An unauthenticated, remote attacker can reportedly abuse this flaw to run arbitrary code and gain complete control of the affected system.

Note that Nessus only checked the version of the installed software.

Solution

Upgrade to Novell PlateSpin Orchestrate 2.5 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-10-178/

http://download.novell.com/Download?buildid=BkIPy5JtULM~

Plugin Details

Severity: Critical

ID: 50023

File Name: novell_platespin_orchestrate_remote_exec.nasl

Version: 1.6

Type: remote

Published: 10/19/2010

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/13/2010

Vulnerability Publication Date: 10/8/2010

Reference Information

BID: 43242

Secunia: 27994