Novell File Reporter Agent FSFUI UICMD 126 Arbitrary File Download
High Nessus Plugin ID 62977
SynopsisAn application running on the remote host has an arbitrary file download vulnerability.
DescriptionThe version of Novell File Reporter Agent running on the remote host has an arbitrary file download vulnerability. Making a specially crafted POST request to /FSF/CMD for records with a name of FSFUI and UICMD of 126 could result in arbitrary files being downloaded. A remote, unauthenticated attacker could exploit this to download arbitrary files as root (against Linux targets) or SYSTEM (against Windows targets).
This version of Novell File Reporter Agent likely has other vulnerabilities, but Nessus has not checked for those issues.
SolutionThere is no known solution at this time.