Skip to main content

Novell ZENworks Configuration Management Multiple Vulnerabilities

Last Update Date: 22 Mar 2012 10:12 Release Date: 22 Mar 2012 5313 Views

RISK: Medium Risk

TYPE: Servers - Network Management

TYPE: Network Management

Multiple vulnerabilities have been identified in Novell ZENworks Configuration Management, which can be exploited to execute arbitrary code and view files on the target system.

  1. A remote user can supply a specially crafted request (PreBoot Service Opcode 0x21) to view arbitrary files on the target system.
  2. A remote user can send specially crafted data (PreBoot Service Opcode 0x4c and 0x6C) to trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Impact

  • Elevation of Privilege
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • ZENworks Configuration Management 11.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link