Novell ZENworks Handheld Management Common.dll messageID Request Field Parsing Traversal Arbitrary File Creation
Medium Nessus Plugin ID 56668
Synopsis
The remote host is running a service affected by a directory traversal vulnerability.
Description
The version of the 'Common.dll' library included with the ZENworks Handheld Management install on the remote Windows host is affected by a directory traversal vulnerability because it fails to sanitize directory traversal sequences in user input to the 'messageID' field of requests.
An unauthenticated, remote attacker with knowledge of the name / ID of the server can exploit this vulnerability to create arbitrary files on the remote host within the context of the ZENworks Handheld Management Server process.
Solution
Apply Novell hotfix TID 7009486.