Novell File Reporter Engine RECORD Element Tag Parsing Overflow (credentialed check)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a service that is susceptible to a
remote buffer overflow attack.

Description :

The version of Novell File Reporter (NFR) Engine installed on the
remote Windows host is earlier than 1.0.2.53. As such, it reportedly
has a flaw in its handling of HTTP requests to the TCP port used to
communicate with the NFR Agent, normally 3035. Specifically, the
application fails to check the size of user-supplied strings before
using them in a call to memcpy when parsing tags inside the '<RECORD>'
element.

An unauthenticated, remote attacker with access to the service can
leverage this vulnerability to corrupt the process thread's stack,
possibly resulting in arbitrary code execution under the context of
the SYSTEM account.
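To make the bug class concrete, the following is an added, constructed illustration of an unchecked memcpy while parsing a tag inside a RECORD element, shown beside the hardened form that validates the length first. It is not NFR's own code and nothing in the advisory states NFR's actual buffer size or parser structure; the 64-byte buffer, the tag names and the helper functions are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed-size stack buffer for one tag value. The advisory does not
   state the real buffer size in NFR Engine; this value is illustrative. */
#define TAG_BUF_SIZE 64

/* Locate the text between <name> and </name> inside a RECORD element.
   Returns a pointer to the first byte of the value and stores its length in
   *len, or returns NULL when the tag is absent or unterminated. */
static const char *find_tag_value(const char *record, const char *name, size_t *len)
{
    char open_tag[40], close_tag[40];

    if (strlen(name) > 32) return NULL;   /* keep the tag-name buffers safe */
    snprintf(open_tag, sizeof open_tag, "<%s>", name);
    snprintf(close_tag, sizeof close_tag, "</%s>", name);

    const char *start = strstr(record, open_tag);
    if (start == NULL) return NULL;
    start += strlen(open_tag);

    const char *end = strstr(start, close_tag);
    if (end == NULL) return NULL;

    *len = (size_t)(end - start);
    return start;
}

/* Vulnerable pattern (constructed, not NFR's code): the tag value is copied
   into a fixed stack buffer using the request-controlled length, so any value
   of TAG_BUF_SIZE bytes or more overruns the buffer and corrupts the frame. */
int parse_tag_unchecked(const char *record, const char *name)
{
    char buf[TAG_BUF_SIZE];
    size_t len;
    const char *val = find_tag_value(record, name, &len);

    if (val == NULL) return -1;
    memcpy(buf, val, len);       /* BUG: len is never compared to sizeof buf */
    buf[len] = '\0';
    return (int)strlen(buf);
}

/* Hardened form: the length is validated before memcpy, and an oversized value
   is rejected (rc -2) rather than silently truncated, so the caller can log
   and drop the request. */
int parse_tag_checked(const char *record, const char *name, char *dst, size_t dstsz)
{
    size_t len;
    const char *val = find_tag_value(record, name, &len);

    if (val == NULL) return -1;
    if (len >= dstsz) return -2;  /* leave room for the terminator */
    memcpy(dst, val, len);
    dst[len] = '\0';
    return (int)len;
}

/* Convenience wrapper: validate the PATH tag of a RECORD into a local
   TAG_BUF_SIZE buffer and report the parser's return code. */
int validate_record_path(const char *record)
{
    char out[TAG_BUF_SIZE];
    return parse_tag_checked(record, "PATH", out, sizeof out);
}

/* Build a constructed RECORD whose PATH value (120 'A' bytes) is far longer
   than TAG_BUF_SIZE; returned from a static buffer. */
const char *build_oversized_record(void)
{
    static char rec[256] = "<RECORD><PATH>";
    if (strlen(rec) == 14) {                  /* fill only once */
        memset(rec + 14, 'A', 120);           /* rec[134] is still '\0' */
        strcat(rec, "</PATH></RECORD>");
    }
    return rec;
}

int main(void)
{
    /* Constructed sample request bodies. */
    const char *benign = "<RECORD><PATH>C:\\share\\docs</PATH></RECORD>";
    char out[TAG_BUF_SIZE];
    int rc;

    rc = parse_tag_checked(benign, "PATH", out, sizeof out);
    printf("benign:    rc=%d value=%s\n", rc, out);

    rc = validate_record_path(build_oversized_record());
    printf("oversized: rc=%d (request rejected before memcpy)\n", rc);
    return 0;
}
```

The checked parser returns a distinct code for an oversized value so that a caller can treat it as a malformed request and log it; silently truncating would hide the very condition a defender wants to see in the Engine's logs.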

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-227
http://www.securityfocus.com/archive/1/518632/30/0/threaded
http://download.novell.com/Download?buildid=leLxi7tQACs~

Solution :

Apply the security patch referenced in Novell's advisory.

Risk factor :

High / CVSS Base Score : 9.7
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P)
CVSS Temporal Score : 8.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 55471

Bugtraq ID: 48470

CVE ID: CVE-2011-2220
