PatchLink Update Server nwupload.asp Traversal Arbitrary File Write

medium Nessus Plugin ID 22116

Synopsis

The remote web server contains an ASP script that is affected by a directory traversal flaw.

Description

The remote host is running PatchLink Update Server, a patch and vulnerability management solution.

The version of PatchLink Update Server installed on the remote fails to sanitize input to the '/dagent/nwupload.asp' script of directory traversal sequences and does not require authentication before removing directories and writing to files as the user 'PLUS ANONYMOUS'. An unauthenticated attacker can leverage this flaw to remove directories required by the application and write arbitrary content to files on the affected host.

Note that Novell ZENworks Patch Management is based on PatchLink Update Server and is affected as well.

Solution

Apply patch 6.1 P1 / 6.2 SR1 P1 if using PatchLink Update Server or 6.2 SR1 P1 if using Novell ZENworks Patch Management.

See Also

https://www.securityfocus.com/archive/1/438710/30/0/threaded

http://support.novell.com/cgi-bin/search/searchtid.cgi?10100709.htm

Plugin Details

Severity: Medium

ID: 22116

File Name: plus_nwupload_dir_traversal.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 7/28/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Required KB Items: www/ASP

Exploit Ease: No exploit is required

Exploited by Nessus: true

Vulnerability Publication Date: 6/28/2006

Reference Information

CVE: CVE-2006-3426

BID: 18732