Novell Netstorage Multiple Vulnerabilities

2009.03.28
Credit: Bugs NotHugs
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

- Novell Netstorage Multiple Vulnerabilities - Description "Novell NetStorage acts as a bridge between a company's protected Novell network and the Internet, providing protected file access from any Internet location. Files and folders on a Novell NetWare&#174; 6.5 server or Novell Open Enterprise Server can be accessed using either a browser or via Network Neighborhood and Microsoft Web Folders; no Novell Client^&#217; software is required. Users can securely access files from any IP-enabled machine via Secure Sockets Layer (SSL) and Secure Hypertext Transfer Protocol (HTTPS)." Novell NetStorage contains a wide variety of vulnerabilities that may allow an attacker to cause a denial of service, gain configuration information or exploit other users of the application. #1 - Filter Field XSS The 'filter' field does not sanitize user-supplied input. An attacker could use this to carry out cross-site scripting attacks against other authenticated users. ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--> </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> #2 - Mail File Action Path Disclosure On a file list, if a user right clicks a file, chooses the 'mail' option and then pastes script code in any field, the application will produce an error message disclosing the installation path: Paste the following script: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->< /SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> Resulting error: OES: 'file:/var/opt/novell/novlwww/email.xsl': (1): mismatched end tag: expected "to" but got "SCRIPT" Netware: 'file:/SYS:/tomcat/4/email.xsl': (1): mismatched end tag: expected "subject" but got "SCRIPT" #3 - File Attribute Malformed Input Server DoS When interacting with files, a user can right click on the file and click either 'NFS Info' or 'Netware Info'. Supplying script code into various fields will cause the Netware server to abend and lock up. Note: This was only tested on version 2.0.1 on netware 6.5 SP6, not OES. The following script code causes the issue: ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->< /SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> - Product Novell Inc., Netstorage, 3.1.5-19 on OES - 2.0.1 on netware 6.5 SP6 - Solution None - Timeline 2008-06-06: Vulnerability Discovered 2008-07-07: Disclosed to Vendor (no ack) 2008-10-05: Re-sent to Vendor (no ack) 2009-03-26: Disclosed to Public (no more playing nice) BugsNotHugsShared Vulnerability Disclosure Account

References:

http://seclists.org/bugtraq/2009/Mar/0254.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top