This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The specific flaw exists within a servlet provided within the Novell Zenworks distribution for uploading files. When processing the path name for the file, the servlet will allow a user to inject path traversal entities into the filename. Then, when the servlet downloads the provided file, the destination will store it to the user-provided location.
This module exploits a path traversal vulnerability in Novell ZENworks Asset Management. The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension.
This module exploits a remote stack-based buffer overflow in Novell iManager by creating a class with an overly long name. In order to exploit this vulnerability, you must be able to login to any Novell eDirectory server via the target iManager application. This exploit will bypass DEP on Windows 2003 platforms by disabling it in the context of the current process.
Subscribe to Impact