Novell ZENworks Configuration Management TFTP Remote Heap Overflow Vulnerability

Last Update Date: 25 Feb 2011 Release Date: 18 Feb 2011 6535 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Novell ZENworks Configuration Management (ZCM), which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a heap overflow error in the "novell-tftp.exe" component when processing requests sent to port 69/UDP, which could be exploited by remote unauthenticated attackers to crash an affected component or execute arbitrary code.

Impact

  • Remote Code Execution

System / Technologies affected

  • Novell ZENworks Configuration Management (ZCM) versions 11.x
  • Novell ZENworks Configuration Management (ZCM) versions 10.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

For earlier versions of ZCM 10, upgrade to version 10.3.2 or 10.3.1 and apply patches.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Cisco Security Agent "st_upload" Remote File Creation Vulnerability

18 Feb 2011 6304 Views

Next

Novell NetWare XNFS "xdrDecodeString()" Code Execution Vulnerability

25 Feb 2011 6229 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY