ZENworks 7 Handheld Management SP1 buffer overflow

  • 7007135
  • 02-Nov-2010
  • 16-Mar-2012

Environment

Novell ZENworks 7 Handheld Management - ZHM7

Situation

Under very specific circumstances, Zenworks Handheld Management (ZHM) can be vulnerable to a heap based buffer overflow.  The execution requires system privileges and is very rare, however in worst case scenarios could be used to overrun buffers and disrupt proper execution of code. 

Resolution

A fix for this issue is intended to be included in a future update to the product: however, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at https://download.novell.com/Download?buildid=Sln2Lkqslmk~ as ZHM 7 Remote Code Execution Vulnerability. This Patch should only be applied if the symptoms above are being experienced, and are causing problems.

This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.

Status

Security Alert

Additional Information

Issue reported by Tippingpoint as ZDI-CAN-709