Security Vulnerability with ZCM Preboot Service

  • 7005572
  • 30-Mar-2010
  • 30-Apr-2012


Novell ZENworks 10 Configuration Management Imaging


A vulnerability exists with Novell ZENworks Configuration Management Preboot Service that allows remote attackers to execute arbitrary code on certain installations of Novell ZENworks.


This is fixed in version 10.3 - see KB 7005455 "ZENworks Configuration Management SP3 (10.3) - update information and list of fixes" which can be found at


Security Alert

Additional Information

This Issue was reported as ZDI-CAN-679: Novell ZENworks Configuration Management Preboot Service  by TippingPoint.  This vulnerability was discovered by:  Stephen Fewer of Harmony Security