Novell Inc.'s ZENworks is a set of tools used to automate IT management and business processes across the various computing resources within an organization. The Task Server and Collection Server daemons provide functionality to manage a distributed network of machines. These daemons will typically only be running on the machine that is being used to manage assets.
Remote exploitation of an integer overflow vulnerability in Novell Inc.'s ZENworks Asset Management could potentially allow an attacker to execute arbitrary code with the privileges of the administrator.
Credit:
The information has been provided by iDefense.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=448
A heap overflow may occur when processing specially crafted packets sent to the Task Server or Collection Server daemons. This problem specifically exists due to an integer overflow when allocating memory for remotely supplied data.
Successful exploitation of this vulnerability could allow a remote attacker to take complete control of the affected system.
While researching this vulnerability, iDefense Labs found that the Task Server and Collection Server components were both affected. Additionally, the Collection Client is statically linked with this library. Information on the vulnerability as it relates to the Collection Client can be found in a separate advisory.
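The bug class described above (an integer overflow in the size passed to an allocator for remotely supplied data) is shown below as an added example; it is not ZENworks code and not taken from the advisory. The record layout (4-byte big-endian length followed by the payload), HDR_LEN, MAX_PAYLOAD and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN     16u          /* hypothetical local header reserved before the payload */
#define MAX_PAYLOAD (1u << 20)   /* hypothetical policy limit: 1 MiB per record */

/* Unchecked size: 32-bit addition wraps, so 0xFFFFFFF8 + 16 yields 8. */
static uint32_t alloc_size_unchecked(uint32_t payload_len) {
    return payload_len + HDR_LEN;
}

/* Checked size: 0 on success (size stored in *out), -1 if the length is rejected. */
static int alloc_size_checked(uint32_t payload_len, size_t avail, size_t *out) {
    if (payload_len > MAX_PAYLOAD) return -1;  /* cap also rules out wraparound */
    if (payload_len > avail) return -1;        /* claims more bytes than were received */
    *out = (size_t)payload_len + HDR_LEN;
    return 0;
}

/* Copies one record to the heap; returns NULL for malformed or oversized input. */
static unsigned char *copy_record(const unsigned char *pkt, size_t pkt_len, size_t *out_len) {
    uint32_t n;
    size_t sz;
    unsigned char *buf;
    if (pkt_len < 4) return NULL;
    n = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
        ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
    if (alloc_size_checked(n, pkt_len - 4, &sz) != 0) return NULL;
    buf = calloc(1, sz);
    if (buf == NULL) return NULL;
    memcpy(buf + HDR_LEN, pkt + 4, n);         /* n <= sz - HDR_LEN by construction */
    *out_len = sz;
    return buf;
}

int main(void) {
    /* Constructed sample input: length field claims 0xFFFFFFF8 bytes. */
    const unsigned char bad[] = {0xFF, 0xFF, 0xFF, 0xF8, 'A', 'B', 'C'};
    size_t sz = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(0xFFFFFFF8u));
    printf("record %s\n", copy_record(bad, sizeof bad, &sz) ? "accepted" : "rejected");
    return 0;
}
```

With the unchecked computation the allocator would be asked for 8 bytes while the copy length stays near 4 GiB, which is the mismatch that produces the heap overflow; the checked path rejects the record before any allocation.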
Vendor Status:
Novell's ZENworks team has addressed this vulnerability within ZENworks 7 Asset Management SP1 IR11.
More information can be found by visiting http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm
Disclosure Timeline:
* 10/16/2006 - Initial vendor notification
* 10/19/2006 - Initial vendor response
* 12/01/2006 - Coordinated public disclosure