Novell File Reporter Agent XML Parser Buffer Overflow

2011-05-16T00:00:00
ID SAINT:4655BA4EA2D94F139734C3515A50112D
Type saint
Reporter SAINT Corporation
Modified 2011-05-16T00:00:00

Description

Added: 05/16/2011
CVE: CVE-2011-0994
BID: 47144
OSVDB: 71980

Background

Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist.

Problem

A stack overflow vulnerability exists in the agent process (NFRAgent.exe) of Novell File Reporter versions prior to 1.0.2. A remote attacker may send a malicious XML request to execute arbitrary code on the host.

Resolution

Upgrade to Novell File Reporter 1.0.2 or higher.

References

<http://download.novell.com/Download?buildid=rCAgCcbPH9s~>
<http://www.zerodayinitiative.com/advisories/ZDI-11-116/>

Limitations

This exploit has been tested against Novell File Reporter 1.0.1.1 running in Microsoft Windows Server 2003 SP2 English (DEP AlwaysOff) and Microsoft Windows XP SP3 English (DEP OptIn). This exploit requires the IO::Socket::SSL PERL module.

Platforms

Windows Server 2003
Windows XP