Novell Inc.'s ZENworks is a set of tools used to automate IT management and business processes across the various computing resources within an organization. The Task Server and Collection Server daemons provide functionality to manage a distributed network of machines. These daemons will typically only be running on the machine that is being used to manage assets.
Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with the privileges of the administrator.
A heap overflow may occur when processing specially crafted packets sent to the Task Server or Collection Server daemons. This problem specifically exists due to an integer overflow when allocating memory for remotely supplied data.
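The class of flaw described above, shown as an added illustration that is not Novell's or iDefense's code: a 32-bit size computation that wraps for a remotely supplied length, beside a version that bounds the length first. The 16-byte header, the `MAX_RECORD` limit and all function names are assumptions made for the example, not the ZENworks packet format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed values for illustration; not the ZENworks wire format. */
#define HDR_SIZE   16u
#define MAX_RECORD 65536u

/* Flawed pattern: the 32-bit sum wraps, so a huge claimed length
 * yields a tiny allocation size while the copy still uses the length. */
uint32_t unchecked_alloc_size(uint32_t claimed_len) {
    return (uint32_t)(claimed_len + HDR_SIZE);
}

/* Checked pattern: bound the length before any arithmetic on it.
 * Returns 0 and sets *out on success, -1 if the length is rejected. */
int checked_alloc_size(uint32_t claimed_len, size_t received, size_t *out) {
    if (claimed_len > MAX_RECORD) return -1;   /* policy limit */
    if (claimed_len > received)   return -1;   /* claims more than arrived */
    *out = (size_t)claimed_len + HDR_SIZE;     /* cannot wrap after the bound */
    return 0;
}

/* Builds a record (zeroed header + payload); NULL if rejected. */
unsigned char *read_record(const unsigned char *payload, size_t received,
                           uint32_t claimed_len, size_t *out_size) {
    size_t size;
    if (checked_alloc_size(claimed_len, received, &size) != 0) return NULL;
    unsigned char *buf = calloc(1, size);
    if (buf == NULL) return NULL;
    memcpy(buf + HDR_SIZE, payload, claimed_len);
    *out_size = size;
    return buf;
}

int main(void) {
    const unsigned char sample[4] = { 'd', 'a', 't', 'a' };  /* constructed input */
    size_t size = 0;
    uint32_t hostile = 0xFFFFFFF8u;                          /* constructed length */
    printf("unchecked size for %#x: %u\n", (unsigned)hostile,
           (unsigned)unchecked_alloc_size(hostile));
    unsigned char *rec = read_record(sample, sizeof sample, hostile, &size);
    printf("checked path: %s\n", rec ? "accepted" : "rejected");
    rec = read_record(sample, sizeof sample, 4, &size);
    printf("valid record size: %zu\n", rec ? size : (size_t)0);
    free(rec);
    return 0;
}
```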
Successful exploitation of this vulnerability could allow a remote attacker to take complete control of the affected system.
While researching this vulnerability, iDefense Labs found that the Task Server and Collection Server components were both affected. Additionally, the Collection Client is statically linked with this library. Information on the vulnerability as it relates to the Collection Client can be found in a separate advisory.