Update Protection against Novell iManager getMultiPartParameters Unauthorized File Upload

Vulnerability
Protection

Check Point Reference:	CPAI-2011-107
Date Published:
Severity:
Source:	Secunia Advisory SA41687
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Novell iManager 2.7.3.2 and prior
Vulnerability Description A vulnerability was reported in Novell iManager, a web-based administration console that provides management of many other Novell products. The vulnerability is due to insufficient validation of the getMultiPartParametersfunction. A remote attacker could leverage this vulnerability to upload arbitrary content to arbitrary files on the target system.

Update/Patch Available Novell has released an advisory to address this issue.
Vulnerability Details The vulnerability is due to insufficient validation of user input within the getMultiPartParameters function. Since Novell iManager (via the Tomcat servlet container) runs as the SYSTEM user on Windows, successful exploitation would allow the upload of arbitrary files to any directory on a target system.

Protection Overview

The protection will detect and block attempts to upload files to the Novell iManager server with invalid path specifications.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?

1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the CGI Attacks protection group.
3. Click Novell iManager getMultiPartParameters Unauthorized File Upload (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entry will be logged:

Alert Name: WWW/CGI Attacks Protection Group
Description: Novell iManager getMultiPartParameters Unauthorized File Upload

Legal Notice for Threat Center Advisories