CVE-2014-3460 – Novell NetIQ Sentinel Agent Manager NQMcsVarSet DumpToFile Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-3460

Directory traversal vulnerability in the DumpToFile method in the NQMcsVarSet ActiveX control in Agent Manager in NetIQ Sentinel allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted pathname. Vulnerabilidad de salto de directorio en el método DumpToFile en el control NQMcsVarSet ActiveX en Agent Manager en NetIQ Sentinel permite a atacantes remotos crear archivos arbitrarios, y como consecuencia ejecutar código arbitrario, a través de un nombre de ruta manipulado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NQMcsVarSet ActiveX control. The control exposes the DumpToFile method. • http://secunia.com/advisories/58635 http://www.novell.com/support/kb/doc.php?id=7015183 http://www.securityfocus.com/bid/67487 http://www.securitytracker.com/id/1030434 http://zerodayinitiative.com/advisories/ZDI-14-134 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •