Vulnerability Note VU#273371
Novell File Reporter contains multiple vulnerabilities
Novell File Reporter 1.0.2 contains multiple vulnerabilities including a heap overflow, arbitrary file retrieval, and arbitrary file upload.
The Rapid7 advisory states:
CVE-2012-4956 - Heap Overflow
Additional details may be found in the Rapid7 blog post entitled "New 0day Exploits: Novell File Reporter Vulnerabilities".
A remote unauthenticated attacker may be able to execute code, retrieve arbitrary files, and upload arbitrary files to the host.
We are currently unaware of a practical solution to this problem. Please consider the following workaround.
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Novell, Inc. | Affected | - | 16 Nov 2012 |
CVSS Metrics
Thanks to Juan Vazquez for reporting this vulnerability.
This document was written by Jared Allar.
- CVE IDs: CVE-2012-4956, CVE-2012-4957, CVE-2012-4958, CVE-2012-4959
- Date Public: 16 Nov 2012
- Date First Published: 16 Nov 2012
- Date Last Updated: 16 Nov 2012
- Document Revision: 14