Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
BID:50966
Info
Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
| Bugtraq ID: | 50966 |
| Class: | Unknown |
| CVE: |
CVE-2011-2653 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2011 12:00AM |
| Updated: | Aug 14 2012 07:00AM |
| Credit: | Anonymous |
| Vulnerable: |
Novell ZENworks Asset Management 7.5 |
| Not Vulnerable: | |
Discussion
Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
Novell ZENworks Asset Management is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to upload an arbitrary file and place it in an arbitrary location on the affected system. Successful exploits will compromise the affected application, and the underlying system.
Novell ZENworks Asset Management is prone to a remote code-execution vulnerability.
An attacker can leverage this issue to upload an arbitrary file and place it in an arbitrary location on the affected system. Successful exploits will compromise the affected application, and the underlying system.
Exploit / POC
Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
An attacker can use a browser to exploit this issue.
The following exploit code is available:
An attacker can use a browser to exploit this issue.
The following exploit code is available:
Solution / Fix
Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Novell ZENWorks Asset Management 'rtrlet' Component Remote Code Execution Vulnerability
References:
References:
- ZAM 7.5 Remote Code Execution Vulnerability (Novell)
- ZENworks Asset Management Homepage (Novell)
- ZDI-11-342: Novell ZENworks Asset Management Remote Code Execution Vulnerability (Zero Day Initiative)