Chris Steipp

**Name of the Vulnerable Software and Affected Versions** FastPatch for PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1 FastPatch for Novell ZENworks versions prior to 6.2 SR1 **Description** The issue allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers without requiring authentication. This can be achieved by modifying certain parameters in the `dagent/proxyreg.asp` endpoint, specifically the `List`, `Proxy`, or `Delete` parameters. **Recommendations** For FastPatch for PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, update to version 6.1 P1 or 6.2 SR1 P1 or later. For FastPatch for Novell ZENworks versions prior to 6.2 SR1, update to version 6.2 SR1 or later. As a temporary workaround, consider restricting access to the `dagent/proxyreg.asp` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1 Novell ZENworks versions prior to 6.2 SR1 **Description** The issue allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the `action`, `agentid`, or `index` parameters to "dagent/nwupload.asp", which are used as pathname components. **Recommendations** For PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, update to version 6.1 P1 or 6.2 SR1 P1 or later. For Novell ZENworks versions prior to 6.2 SR1, update to version 6.2 SR1 or later. As a temporary workaround, consider restricting access to the "dagent/nwupload.asp" endpoint until a patch is available. Avoid using the `action`, `agentid`, or `index` parameters in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** PatchLink Update Server (PLUS) versions 6.1 through 6.1 before P1 PatchLink Update Server (PLUS) versions 6.2.x through 6.2 before SR1 P1 Novell ZENworks versions 6.2 SR1 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `agentid` parameter in the "checkprofile.asp" file. **Recommendations** For PatchLink Update Server (PLUS) versions 6.1 through 6.1 before P1, update to version 6.1 P1 or later. For PatchLink Update Server (PLUS) versions 6.2.x through 6.2 before SR1 P1, update to version 6.2 SR1 P1 or later. For Novell ZENworks versions 6.2 SR1 and earlier, update to a version later than 6.2 SR1.