Novell NetIQ 2.3.0/2.3.1 Privileged User Manager unifid.exe set_log_config path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.8 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as critical has been found in Novell NetIQ 2.3.0/2.3.1. This issue affects the function set_log_config in the library regclnt.dll of the file unifid.exe of the component Privileged User Manager. Such manipulation with the input ../../ leads to path traversal.
This vulnerability is referenced as CVE-2012-5931. Furthermore, an exploit is available.
The affected component should be upgraded.
Details
A vulnerability, which was classified as critical, has been found in Novell NetIQ 2.3.0/2.3.1. Affected by this issue is the function set_log_config in the library regclnt.dll of the file unifid.exe of the component Privileged User Manager. The manipulation with the input value ../../ leads to a path traversal vulnerability. Using CWE to declare the problem leads to CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
The weakness was published 11/15/2012 by Andrea Micalizzi (rgod) (Website). The advisory is shared for download at netiq.com. The public release has been coordinated with the vendor. This vulnerability is handled as CVE-2012-5931 since 11/20/2012. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details as well as a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1006.
A public exploit has been developed by Andrea Micalizzi (rgod) and been published immediately after the advisory. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 63688 (NetIQ Privileged User Manager regclnt.dll Directory Traversal), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses. The commercial vulnerability scanner Qualys is able to test this issue with plugin 120749 (NetIQ Privileged User Manager Remote Code Execution Vulnerability).
Upgrading to version 2.3.1 HF2 eliminates this vulnerability. The upgrade is hosted for download at download.novell.com. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (80846), Tenable (63688), OSVDB (88755†) and Vulnerability Center (SBV-38006†). Similar entries are available at VDB-7219 and VDB-7221. Once again VulDB remains the best source for vulnerability data.
Product
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.novell.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 8.8
VulDB Base Score: 9.8
VulDB Temp Score: 8.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Andrea Micalizzi (rgod)
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 63688
Nessus Name: NetIQ Privileged User Manager regclnt.dll Directory Traversal
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 802043
OpenVAS Name: Novell NetIQ Privileged User Manager Remote Code Execution Vulnerability
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Exploit Delay Time: 🔍
Upgrade: NetIQ 2.3.1 HF2
Timeline
11/15/2012 🔍11/15/2012 🔍
11/15/2012 🔍
11/15/2012 🔍
11/20/2012 🔍
12/24/2012 🔍
12/28/2012 🔍
01/13/2013 🔍
01/24/2013 🔍
09/02/2025 🔍
Sources
Vendor: novell.comAdvisory: netiq.com
Researcher: Andrea Micalizzi (rgod)
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2012-5931 (🔍)
GCVE (CVE): GCVE-0-2012-5931
GCVE (VulDB): GCVE-100-7220
X-Force: 80846 - Novell NetIQ Privileged User Manager directory traversal, Medium Risk
OSVDB: 88755
Vulnerability Center: 38006 - NetIQ Privileged User Manager Directory Traversal Vulnerability Allows Remote File Overwrite, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 12/28/2012 18:46Updated: 09/02/2025 09:20
Changes: 12/28/2012 18:46 (62), 04/23/2017 14:12 (29), 04/20/2021 13:46 (4), 09/02/2025 09:20 (14)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.