Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability

Bugtraq ID:	58402
Class:	Input Validation Error
CVE:	CVE-2013-1081
Remote:	Yes
Local:	No
Published:	Mar 07 2013 12:00AM
Updated:	Jun 12 2013 06:46PM
Credit:	Andrea Micalizzi
Vulnerable:
Not Vulnerable:

Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability

Novell ZENworks Mobile Management is prone to a local file include vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.

Novell ZENworks Mobile Management 2.6.0, 2.6.1 and 2.7.0 are vulnerable.

NOTE: The CVE-2013-1082 issue has been moved to BID 60179 (Novell ZENworks Mobile Management CVE-2013-1082 Local File Include Vulnerability) to better document it.

Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/58402.rb

Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability

References: