Environment
Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1 Imaging
Novell ZENworks 7 Desktop Management on Linux Support Pack 1 - ZDML7 SP1 ImagingSituation
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. A remote attacker can exploit this vulnerability to execute arbitrary code into a fixed-length buffer on the stack as the imaging service.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability.
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Desktop Management. Authentication is not required to exploit this vulnerability.
Resolution
Fixed in ZENworks 7 Desktop Management on Linux Service Pack 1 Interim Release 4 Hot Patch 5. see KB 3484245 "Updates to Novell ZENworks 7 Desktop Management" which can be found at https://www.novell.com/support
For ZENworks 11: This is fixed in version 11.1 - see KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes" which can be found at Novell Support
This is fixed in version 11.2.1 - see KB 7010042 "ZENworks Configuration Management 11.2.1 - update information and list of fixes" which can be found at Novell Support
This is fixed in version 11.2.1 - see KB 7010042 "ZENworks Configuration Management 11.2.1 - update information and list of fixes" which can be found at Novell Support
Status
Security AlertAdditional Information
This was reported as ZDI-CAN-847 by TippingPoint Corporation. This vulnerability was discovered by: Francis Provencher for Protek Research Lab