Advisory Details

August 26th, 2014

Novell Groupwise Administration Server FileUploadServlet poLibMaintenanceFileSave Information Disclosure Vulnerability

ZDI-14-296
ZDI-CAN-2287

CVE ID CVE-2014-0600
CVSS SCORE 7.8, (AV:N/AC:L/Au:N/C:C/I:N/A:N)
AFFECTED VENDORS Novell
AFFECTED PRODUCTS Groupwise
VULNERABILITY DETAILS


This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the handling of the poLibMaintenanceFileSave parameter within the FileUploadServlet. By abusing this flaw an attacker can disclose and destroy arbitrary files on the server and possibly leverage this information to achieve remote code execution in a subsequent attack.

VENDOR RESPONSE Novell has issued an update to correct this vulnerability. More details can be found at:
http://www.novell.com/support/kb/doc.php?id=7015566
DISCLOSURE TIMELINE
  • 2014-04-18 - Vulnerability reported to vendor
  • 2014-08-26 - Coordinated public release of advisory
CREDIT Andrea Micalizzi (rgod)
BACK TO ADVISORIES