Skip to main content

Novell ZENworks Configuration Management TFTP Remote Heap Overflow Vulnerability

Last Update Date: 25 Feb 2011 Release Date: 18 Feb 2011 6703 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

TYPE: Other Servers

A vulnerability has been identified in Novell ZENworks Configuration Management (ZCM), which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a heap overflow error in the "novell-tftp.exe" component when processing requests sent to port 69/UDP, which could be exploited by remote unauthenticated attackers to crash an affected component or execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell ZENworks Configuration Management (ZCM) versions 11.x
  • Novell ZENworks Configuration Management (ZCM) versions 10.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

For earlier versions of ZCM 10, upgrade to version 10.3.2 or 10.3.1 and apply patches.


Vulnerability Identifier


Source


Related Link