Environment
Novell ZENworks 10 Configuration Management Imaging
Situation
A vulnerability exists with Novell ZENworks Configuration Management Preboot Service that allows remote attackers to execute arbitrary code on certain installations of Novell ZENworks.
Resolution
This is fixed in version 10.3 - see KB 7005455 "ZENworks Configuration Management SP3 (10.3) - update information and list of fixes" which can be found at https://www.novell.com/support
Status
Security AlertAdditional Information
This Issue was reported as ZDI-CAN-679: Novell ZENworks Configuration Management Preboot Service by TippingPoint. This vulnerability was discovered by: Stephen Fewer of Harmony Security