CVE-2011-2653
Novell ZENworks Asset Management Remote Code Execution Vulnerability
Public Exploits: 1
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) v7.5 allows remote attackers to execute commands of their choice by uploading an executable file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability.
The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload, the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location, and a null byte inserted into the filename lets the attacker give the file an arbitrary extension. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
SSVC
- Decision: -
Timeline
- 2011-07-06 CVE Reserved
- 2011-12-07 CVE Published
- 2012-08-15 First Exploit
- 2024-09-17 CVE Updated
- 2024-11-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (3)
URL | Tag | Source |
---|---|---|
http://download.novell.com/Download?buildid=hPvHtXeNmCU~ | X_refsource_confirm | |
http://zerodayinitiative.com/advisories/ZDI-11-342 | X_refsource_misc | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/20502 | 2012-08-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Novell | Zenworks Asset Management | 7.5 | - | Affected |