CVE-2006-3426

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks; Patchlink Update Server
Vendor: CVE Published:; 7 July 2006

Summary

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/bid/18732

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/438710/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jul 7, 2006
Vulnerability Reserved
Jul 6, 2006

Collectors

NVD DatabaseMitre Database