virus logo Intrusion Prevention

Novell.Teaming.ajaxUploadImageFile.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a code-execution vulnerability in Novell Teaming.
This issue is caused by an error when the vulnerable software handles an upload_image_file operation with a malicious filename. It may allow remote attackers to execute arbitrary code by sending a crafted file uploading request.

affected-products-logoAffected Products

Novell Teaming 2.1

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Refer to the vendor's site for the suggested workaround:
http://download.novell.com/Download?buildid=gz4IRLKEfDo~

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.zerodayinitiative.com/advisories/ZDI-10-136/
ID 23916
Created Aug 10, 2010
Updated Apr 23, 2014
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2010-2773
Default Action drop
Active
Affected OS Windows, Linux
Affected App Novell