Novell ZENworks Configuration Management UploadServlet Remote Code Execution

Added: 05/10/2010
BID: 39114
OSVDB: 63412

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Problem

A remote code execution vulnerability exists in Novell ZENworks Configuration Management 10.x prior to 10.3. The vulnerability is due to insufficient input validation within the ZENworks Server's UploadServlet. Remote unauthenticated attackers can leverage this vulnerability to upload malicious files anywhere onto the target server.

Resolution

Upgrade to Novell ZENworks Configuration Managment 10.3.

References

http://secunia.com/advisories/39212/

Limitations

Exploit works on Novell ZENworks Configuration Management 10.2.0.
Because it takes time for the affected server to deploy the malicious file sent by the attacker, the exploit script has a 10-second pause during the attack. Thus it will take longer time than normal to establish the shell session.

Platforms

Windows

Back to exploit index