In association with heise online

05 April 2011, 10:53

Novell patches File Reporter vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell Logo Software and services firm Novell has warned of a security vulnerability (CVE-2011-0994) in its File Reporter product. According to a security advisory from the Zero Day Initiative (ZDI), Novell File Reporter is susceptible to a stack-based buffer overflow issue. This is caused by a boundary error in the File Reporter Agent (NFRAgent.exe) when handling the contents of a certain XML tag. This could, for example, be exploited by a malicious user to compromise a victim's system, possibly leading to the execution of arbitrary code with system privileges.

The vulnerability was discovered by Stephen Fewer of Harmony Security and first reported to Novell in October of last year by ZDI. All versions of Novell File Reporter up to and including 1.0.1 are said to be affected. To correct the issue, the company has issued a mandatory patch, version 1.0.2.

In addition to correcting the above security issue, the patch provides proxy support for Linux Agents and resolves proxy issues for Windows agents. The Novell File Reporter Patch 1.0.2 is available to download from the company's site.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1221769
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit