Novell File Reporter Engine RECORD Element Tag Parsing Overflow (credentialed check)
Severity: High
Nessus Plugin ID 55471
Synopsis
The remote Windows host contains a service that is susceptible to a remote buffer overflow attack.
Description
The version of Novell File Reporter (NFR) Engine installed on the remote Windows host is earlier than 126.96.36.199. As such, it reportedly has a flaw in its handling of HTTP requests to the TCP port used to communicate with the NFR Agent, normally 3035. Specifically, the application fails to check the size of user-supplied strings before using them in a call to memcpy when parsing tags inside the '<RECORD>' element.
An unauthenticated, remote attacker with access to the service can leverage this vulnerability to corrupt the process thread's stack, possibly resulting in arbitrary code execution under the context of the SYSTEM account.
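The size check that the description says is missing, shown as an added example in C. This is not Novell's code and not part of the Nessus plugin; the function name record_tag_value, the NAME tag and the buffer sizes are hypothetical, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Copy the text between <tag> and </tag> found in `rec` into `out`.
 * Returns the value length on success, -1 if the tag is missing or
 * malformed, -2 if the value does not fit in `out` (request rejected).
 */
int record_tag_value(const char *rec, const char *tag,
                     char *out, size_t out_sz)
{
    char open_tag[32], close_tag[32];
    size_t tlen = strlen(tag);

    /* "</tag>" plus NUL must fit in close_tag. */
    if (out_sz == 0 || tlen == 0 || tlen > sizeof(close_tag) - 4)
        return -1;
    snprintf(open_tag, sizeof(open_tag), "<%s>", tag);
    snprintf(close_tag, sizeof(close_tag), "</%s>", tag);

    const char *start = strstr(rec, open_tag);
    if (start == NULL)
        return -1;
    start += strlen(open_tag);
    const char *end = strstr(start, close_tag);
    if (end == NULL)
        return -1;

    /* `len` is controlled by the remote sender. The unsafe pattern is
     * calling memcpy(out, start, len) without comparing len against the
     * destination size; here the oversized value is refused instead. */
    size_t len = (size_t)(end - start);
    if (len >= out_sz)
        return -2;
    memcpy(out, start, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    char value[16]; /* fixed-size stack buffer, as in the flawed parser */
    const char *ok  = "<RECORD><NAME>report1</NAME></RECORD>";       /* constructed */
    const char *big = "<RECORD><NAME>AAAAAAAAAAAAAAAAAAAAAAAA</NAME></RECORD>"; /* constructed */

    printf("ok:  %d\n", record_tag_value(ok, "NAME", value, sizeof(value)));
    printf("big: %d\n", record_tag_value(big, "NAME", value, sizeof(value)));
    return 0;
}
```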
Solution
Apply the security patch referenced in Novell's advisory.