Novell File Reporter Engine RECORD Element Tag Parsing Overflow (uncredentialed check)

high Nessus Plugin ID 55544

Synopsis

The remote host is running a service that is susceptible to a remote buffer overflow attack.

Description

The version of Novell File Reporter (NFR) Engine running on the remote host is vulnerable to a remote buffer overflow attack. Specifically, the application fails to check the size of user-supplied strings before using them in a call to memcpy when parsing tags inside the '<RECORD>' element.

An unauthenticated, remote attacker with access to the service could leverage this vulnerability to corrupt the process thread's stack, possibly resulting in arbitrary code execution under the context of a privileged account.
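
The missing check described above, shown as an added C example (not Novell's code and not part of the plugin): a tag-value copy that validates the sender-controlled length against the destination buffer before calling memcpy. The function name, the NAME tag, the buffer size and the sample message are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VALUE_MAX 64  /* assumed fixed buffer size, not taken from NFR */

/* Copy the text between <tag> and </tag> inside record into out.
 * Returns the value length, or -1 if the tag is missing, malformed,
 * or the value does not fit in out_sz bytes (including the NUL). */
int copy_tag_value(const char *record, const char *tag,
                   char *out, size_t out_sz)
{
    char open_tag[32], close_tag[32];
    if (out_sz == 0) return -1;
    int n = snprintf(open_tag, sizeof open_tag, "<%s>", tag);
    if (n < 0 || (size_t)n >= sizeof open_tag) return -1;
    n = snprintf(close_tag, sizeof close_tag, "</%s>", tag);
    if (n < 0 || (size_t)n >= sizeof close_tag) return -1;

    const char *start = strstr(record, open_tag);
    if (!start) return -1;
    start += strlen(open_tag);
    const char *end = strstr(start, close_tag);
    if (!end) return -1;

    size_t len = (size_t)(end - start);
    /* The flawed pattern is memcpy(out, start, len) with no check:
     * len comes from the sender, out is a fixed-size stack buffer. */
    if (len >= out_sz) return -1;   /* reject instead of truncating */
    memcpy(out, start, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample input; the NAME tag is hypothetical. */
    const char *msg = "<RECORD><NAME>report-01</NAME></RECORD>";
    char value[VALUE_MAX];
    int len = copy_tag_value(msg, "NAME", value, sizeof value);
    printf("len=%d value=%s\n", len, len >= 0 ? value : "(rejected)");
    return 0;
}
```

Rejecting an oversized value, rather than silently truncating it, also gives the service a clear event to log when a malformed record arrives.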

Solution

Apply the security patch referenced in Novell's advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-11-227/

https://www.securityfocus.com/archive/1/518632/30/0/threaded

http://download.novell.com/Download?buildid=leLxi7tQACs~

Plugin Details

Severity: High

ID: 55544

File Name: novell_file_reporter_engine_stack_overflow.nbin

Version: 1.85

Type: remote

Published: 7/8/2011

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.7

Temporal Score: 8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P

Vulnerability Information

Required KB Items: Services/NFR-engine

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/27/2011

Vulnerability Publication Date: 6/27/2011

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Reference Information

CVE: CVE-2011-2220

BID: 48470

Secunia: 45065