Novell patches File Reporter vulnerability
Software and services firm Novell has warned of a security vulnerability (CVE-2011-0994) in its File Reporter product. According to a security advisory from the Zero Day Initiative (ZDI), Novell File Reporter is susceptible to a stack-based buffer overflow. The flaw is caused by a boundary error in the File Reporter Agent (NFRAgent.exe) when it handles the contents of a certain XML tag. A malicious user could, for example, exploit it to compromise a victim's system, possibly leading to the execution of arbitrary code with system privileges.
The vulnerability was discovered by Stephen Fewer of Harmony Security and first reported to Novell by ZDI in October of last year. All versions of Novell File Reporter up to and including 1.0.1 are said to be affected. To correct the issue, the company has issued a mandatory patch, version 1.0.2.
In addition to correcting the above security issue, the patch provides proxy support for Linux agents and resolves proxy issues for Windows agents. The Novell File Reporter Patch 1.0.2 is available to download from the company's site.
- Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability, security advisory from the Zero Day Initiative.
- Novell acquisition delayed till April 12th, a report from The H.