Novell File Reporter FSFUI Arbitrary File Retrieval (Nov 27, 2012)


Novell File Reporter is software that allows network administrators to identify files stored on the network and generates reports regarding the size of individual files, file type, when files were last accessed, and where duplicates exist. Additionally, the File Reporter tracks storage volume capacity and usage. It is a component of the Novell File Management Suite.

Novell File Reporter examines and reports on terabytes of data via a central reporting engine (NFR Engine) and distributed agents (NFR Agents). The NFR Engine schedules the scans of file instances conducted by NFR Agents, processes and compiles the scans for reporting purposes, and provides report information to the user interface. When working with either eDirectory or Active Directory, the NFR Engine connects to the directory via a Directory Services Interface (DSI) and can thus monitor and check file permissions.

NFR Agents communicate over HTTPS on port 3037 by default. A request is sent to the NFR Agent as XML in the body of a POST request. One example of the XML contents:

  FSFUI 126 filename  

A file retrieval vulnerability exists in Novell File Reporter. The vulnerability is due to lack of authorization on certain requests which return the contents of a file. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the NFR Agent service. Successful exploitation can result in arbitrary file retrieval with SYSTEM privileges.

The Dell SonicWALL IPS team has researched this vulnerability and released the following IPS signature to detect attacks.

  • 9273 Novell File Reporter FSFUI Arbitrary File Retrieval

An existing generic Directory Traversal detection signature will also trigger in most cases.

  • 6613 Server Application Directory Traversal Attack 6

This vulnerability is tracked as CVE-2012-4958.
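The two-layer detection described above (a specific FSFUI match plus a generic traversal match) can be sketched as follows. This is an added example, not SonicWALL's signature logic; it assumes the POST body is available after TLS inspection, and because the element names are not shown on this page, the sample bodies use constructed placeholder tags and the check matches on values only.

```python
import re
import xml.etree.ElementTree as ET

# Traversal markers: ../ or ..\ , including URL-encoded forms.
TRAVERSAL = re.compile(r"(\.\.|%2e%2e)(/|\\|%2f|%5c)", re.IGNORECASE)

def inspect_body(body: str) -> list[str]:
    """Return findings for one decrypted POST body sent to an NFR Agent."""
    # Refuse DTDs so the inspector itself cannot be hit by entity expansion.
    if "<!DOCTYPE" in body.upper() or "<!ENTITY" in body.upper():
        return ["dtd-in-body"]
    try:
        texts = [(el.text or "").strip() for el in ET.fromstring(body).iter()]
    except ET.ParseError:
        # Malformed XML: fall back to the text found between tags.
        texts = [t.strip() for t in re.split(r"<[^>]*>", body)]
    texts = [t for t in texts if t]
    findings = []
    # Tag-agnostic match on the values the advisory shows: FSFUI and 126.
    if "FSFUI" in texts and "126" in texts:
        findings.append("fsfui-file-retrieval")
    # Generic check, independent of the record type.
    if any(TRAVERSAL.search(t) for t in texts):
        findings.append("directory-traversal")
    return findings

# Constructed sample bodies; tag names <r>, <n>, <c>, <f> are placeholders.
SAMPLES = {
    "benign": "<r><n>OTHER</n><c>5</c><f>report.txt</f></r>",
    "fsfui_plain": "<r><n>FSFUI</n><c>126</c><f>report.txt</f></r>",
    "fsfui_traversal": r"<r><n>FSFUI</n><c>126</c><f>..\..\example.txt</f></r>",
    "malformed": r"<r><n>FSFUI<c>126</c><f>..\..\x",
    "dtd": '<!DOCTYPE r [<!ENTITY a "b">]><r/>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:16} {inspect_body(body)}")
```

The `fsfui_plain` case produces only the specific finding, which is why the generic traversal signature alone covers most but not all requests of this type.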
