Presto! PageManager Network Group Service Packet Network Request Parsing Arbitrary File Access
High Nessus Plugin ID 59114
SynopsisArbitrary files may be read on the remote host.
DescriptionThe installation of Presto! PageManager on the remote host is bundled with a file transfer service referred to as 'NetGroup' or 'Network Group Service' that allows an unauthenticated, remote attacker to retrieve the contents of arbitrary files on the affected host.
Note that this service is also likely affected by denial of service (DoS) and heap-overflow vulnerabilities, although Nessus has not checked for them.
SolutionAs of this writing, no fix has been released. Until one has been released, you should either disable the 'Network Group Service' or limit access to it with a firewall.