Novell ZENworks Configuration Management Multiple Vulnerabilities
Last Update Date:
22 Mar 2012 10:12
Release Date:
22 Mar 2012
5313
Views
RISK: Medium Risk
TYPE: Servers - Network Management
Multiple vulnerabilities have been identified in Novell ZENworks Configuration Management, which can be exploited to execute arbitrary code and view files on the target system.
- A remote user can supply a specially crafted request (PreBoot Service Opcode 0x21) to view arbitrary files on the target system.
- A remote user can send specially crafted data (PreBoot Service Opcode 0x4c and 0x6C) to trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
Impact
- Elevation of Privilege
- Remote Code Execution
- Information Disclosure
System / Technologies affected
- ZENworks Configuration Management 11.1
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix.
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
Vulnerability Identifier
Source
Related Link
Share with