CVE-2006-3426
First published: Fri Jul 07 2006(Updated: )
Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lumension PatchLink Update Server | =6.1 | |
| Lumension PatchLink Update Server | =6.2.0.181 | |
| Lumension PatchLink Update Server | =6.2.0.189 | |
| Micro Focus ZENworks | <=6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1016405
- http://secunia.com/advisories/20876
- http://secunia.com/advisories/20878
- http://www.securityfocus.com/bid/18732
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://securityreason.com/securityalert/1200
- http://www.vupen.com/english/advisories/2006/2595
- http://www.vupen.com/english/advisories/2006/2596
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3426?
CVE-2006-3426 is considered to be a high severity vulnerability due to its potential for file and directory overwrite by remote attackers.
How do I fix CVE-2006-3426?
To fix CVE-2006-3426, update the PatchLink Update Server to version 6.1 P1 or later, or to version 6.2 SR1 P1 or later for Novell ZENworks.
What types of software are affected by CVE-2006-3426?
CVE-2006-3426 affects Lumension PatchLink Update Server versions 6.1 and 6.2, and Novell ZENworks 6.2 SR1 and earlier.
Can CVE-2006-3426 be exploited remotely?
Yes, CVE-2006-3426 can be exploited remotely using directory traversal techniques.
What are the potential consequences of CVE-2006-3426 exploitation?
Exploitation of CVE-2006-3426 could allow attackers to overwrite arbitrary files and directories, potentially leading to further compromise of the system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/lumension
- canonical/lumension patchlink update server
- version/lumension patchlink update server/6.1
- version/lumension patchlink update server/6.2.0.181
- version/lumension patchlink update server/6.2.0.189
- vendor/novell
- canonical/micro focus zenworks
- version/micro focus zenworks/6.2