NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| File_reporter | Novell | * | 1.0.4.2 (including) |
| File_reporter | Novell | 1.0.1 (including) | 1.0.1 (including) |
| File_reporter | Novell | 1.0.1.1 (including) | 1.0.1.1 (including) |
| File_reporter | Novell | 1.0.2 (including) | 1.0.2 (including) |
References
- http://aluigi.org/adv/nfr_2-adv.txt
- http://secunia.com/advisories/45071
- http://securityreason.com/securityalert/8309
- http://securitytracker.com/id?1025716
- http://www.securityfocus.com/archive/1/518626/100/0/threaded
- http://aluigi.org/adv/nfr_2-adv.txt
- http://secunia.com/advisories/45071
- http://securityreason.com/securityalert/8309
- http://securitytracker.com/id?1025716
- http://www.securityfocus.com/archive/1/518626/100/0/threaded