This host is installed with Novell File Reporter and is prone to arbitrary file deletion vulnerability.
Successful exploitation could allow remote attackers to delete arbitrary files. Impact Level: Application
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
The flaw is due to an error in the NFR Agent (NFRAgent.exe) when handling 'OPERATION' and 'CMD' commands in the 'SRS' tag and can be exploited to delete arbitrary files via a specially crafted SRS request sent to TCP port 3073.
Novell File Reporter (NFR) before 126.96.36.199
- Tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability
- ImageMagick Multiple Denial of Service Vulnerabilities - 01 June13 (Windows)
- VLC Media Player 'MP4_ReadBox_skcr()' Buffer Overflow Vulnerability (Linux)
- Gabset Media Player Classic Integer Overflow Vulnerability
- ScriptFTP 'GETLIST' or 'GETFILE' Commands Remote Buffer Overflow Vulnerability