Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3426

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3426
Last Modified 07 Mar 2011 09:38:37
Published 06 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3426

Summary

Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.

Vulnerable Systems

Application

  • Lumension Patchlink Update Server 6.1

  • Lumension Patchlink Update Server 6.2.0.181

  • Lumension Patchlink Update Server 6.2.0.189

  • Novell Zenworks 6.2


References

BUGTRAQ - 20060629 Multiple Vulnerabilities in PatchLink Update Server 6

VUPEN - ADV-2006-2596

VUPEN - ADV-2006-2595

SECTRACK - 1016405

SECUNIA - 20878

SECUNIA - 20876

BID - 18732

SREASON - 1200


Last Updated: 27 May 2016 10:43:00