Dell OpenManage Server Administrator “file” Redirection Weakness


VISTA InfoSec’s Information Security Consultant Mr. Mahendra Dhodi has discovered a weakness in Dell OpenManage Server Administrator, which can be exploited by malicious people to conduct spoofing attacks.

Input passed via the “file” GET parameter to /HelpViewer is not properly sanitised before being used to redirect users (an open redirect). This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.
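The class of weakness described above is easier to reason about with a concrete check. The following is an added example, not Dell's code and not part of the advisory: a redirect-target validator for a parameter like “file”, which only accepts rooted paths or URLs on the application's own host, together with a scan over constructed access-log lines that flags requests whose “file” value would have sent the browser off-site. The host name `omsa.example.internal`, the `/HelpViewer/index.html` fallback, the log lines and the function names are all assumptions made for illustration.

```python
"""Added example (not Dell's code): validating a user-supplied redirect
target and flagging off-site redirect requests in access logs.
Host name, paths and log lines are constructed for illustration."""
import re
from urllib.parse import urlsplit, parse_qs

TRUSTED_HOST = "omsa.example.internal"   # hypothetical trusted origin
FALLBACK = "/HelpViewer/index.html"      # hypothetical safe default page


def is_safe_redirect(target, trusted_host=TRUSTED_HOST):
    """Return True only if ``target`` stays on ``trusted_host``.

    Rejects absolute URLs to other hosts, protocol-relative URLs
    (``//host`` and ``///host``), backslash variants that browsers
    treat as slashes, non-HTTP schemes and header-injection characters.
    """
    if not target or any(c in target for c in "\r\n\t"):
        return False
    # Browsers normalise backslashes to slashes, so do the same first.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme:
        # Absolute URL: allow only http(s) on the trusted host.
        return (parts.scheme.lower() in ("http", "https")
                and (parts.hostname or "") == trusted_host)
    if normalised.startswith("//"):
        # Protocol-relative URL: resolves to another origin unless the
        # host matches ("///host" yields an empty hostname and is rejected).
        return (parts.hostname or "") == trusted_host
    # Scheme-less input must be a rooted path on the current host.
    return normalised.startswith("/")


def safe_redirect_target(target, trusted_host=TRUSTED_HOST):
    """Return ``target`` if it passes the check, otherwise the fallback."""
    return target if is_safe_redirect(target, trusted_host) else FALLBACK


# Constructed access-log lines (Apache-style), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2013:10:00:01 +0000] "GET /HelpViewer?file=/help/storage.html HTTP/1.1" 302 0
203.0.113.7 - - [01/Apr/2013:10:00:02 +0000] "GET /HelpViewer?file=http://untrusted.example/login HTTP/1.1" 302 0
203.0.113.9 - - [01/Apr/2013:10:00:03 +0000] "GET /HelpViewer?file=//untrusted.example/ HTTP/1.1" 302 0
203.0.113.9 - - [01/Apr/2013:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def find_offsite_redirect_requests(log_text, trusted_host=TRUSTED_HOST):
    """Return (client_ip, file_value) for /HelpViewer requests whose
    ``file`` parameter fails ``is_safe_redirect``."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        if parts.path != "/HelpViewer":
            continue
        for value in parse_qs(parts.query).get("file", []):
            if not is_safe_redirect(value, trusted_host):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in find_offsite_redirect_requests(SAMPLE_LOG):
        print(f"{ip} requested off-site redirect to {value!r}")
```

The validator deliberately treats anything that is not a rooted path or a same-host URL as unsafe, so a value it does not recognise falls back to the help index rather than being passed through; the log scan reuses the same predicate so that detection and prevention agree on what counts as off-site.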

The weakness is confirmed in version 7.2.0. Prior versions may also be affected.

Solution:
Update to version 7.3.0.

References:
Secunia Reference: Secunia Advisory SA52742
CVE Reference: CVE-2013-0740

Reference Link: http://secunia.com/advisories/52742/
