Novell File Reporter Engine RECORD Element Tag Parsing Overflow (credentialed check)

High Nessus Plugin ID 55471


The remote Windows host contains a service that is susceptible to a remote buffer overflow attack.


The version of Novell File Reporter (NFR) Engine installed on the remote Windows host is earlier than As such, it reportedly has a flaw in its handling of HTTP requests to the TCP port used to communicate with the NFR Agent, normally 3035. Specifically, the application fails to check the size of user-supplied strings before using them in a call to memcpy when parsing tags inside the '<RECORD>' element.

An unauthenticated, remote attacker with access to the service can leverage this vulnerability to corrupt the process thread's stack, possibly resulting in arbitrary code execution under the context of the SYSTEM account.


Apply the security patch referenced in Novell's advisory.

Plugin Details

Severity: High

ID: 55471

File Name: novell_file_reporter_engine_1_0_2_53.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2011/06/30

Modified: 2015/01/12

Dependencies: 13855, 10456

Risk Information

Risk Factor: High


Base Score: 9.7

Temporal Score: 8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:novell:file_reporter

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/06/27

Vulnerability Publication Date: 2011/06/27

Exploitable With

CANVAS (White_Phosphorus)

Core Impact

Reference Information

CVE: CVE-2011-2220

BID: 48470

OSVDB: 73494

Secunia: 45065