Intrusion Prevention

Novell.File.Reporter.Agent.Arbitrary.File.Delete

Description

This indicates an attack attempt to exploit an Access Control vulnerability in Novell File Reporter.
The vulnerability is due to an design error when the vulnerable software handles a HTTP request. Remote attackers may be able to exploit this to delete arbitrary file through the vulnerable software.

Affected Products

Novell File Reporter version 1.0.1
Novell File Reporter version 1.0.1.1
Novell File Reporter version 1.0.2
Novell File Reporter version 1.0.4.2 and prior

Impact

Privilege Escalation: Remote attacker could delete any arbitrary file on the remote system and shares with SYSTEM privileges

Recommended Actions

Currently we are unaware of any vendor supplied patch for this issue.

CVE References

CVE-2011-2750