Novell Inc.'s ZENworks is a set of tools used to automate IT management and business processes across the various computing resources within an organization. The Collection Client runs as a service and supplies the Collection Server with information about the managed machine's hardware and software configuration.
Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with SYSTEM privileges on Windows or root privileges on the various supported UNIX-based operating systems.
Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=447
Vulnerable Systems:
* ZENworks Asset Management 7.0 SP1 (7.0.0.36 version of the CClient.exe and Msg.dll files).
A heap overflow may occur when processing specially crafted packets sent to the Collection Client daemon. The root cause of this vulnerability is identical to that of the vulnerability in Msg.dll. For more information please consult the Msg.dll advisory.
Successful exploitation of this vulnerability could allow a remote attacker to take complete control of the affected system.
Vendor Status:
Novell's ZENworks team has addressed this vulnerability within ZENworks 7 Asset Management SP1 IR11. More information can be found by visiting http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm.
Disclosure Timeline:
* 10/16/2006 - Initial vendor notification
* 10/19/2006 - Initial vendor response
* 12/01/2006 - Coordinated public disclosure