Security Vulnerabilities with ZENworks Imaging

  • 7007321
  • 06-Dec-2010
  • 20-Jul-2012

Environment

Novell ZENworks 11 Configuration Management Support Pack 1 - ZCM 11 SP1 Imaging
Novell ZENworks 7 Desktop Management on Linux Support Pack 1 - ZDML7 SP1 Imaging

Situation

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Desktop Management. The flaw involves a fixed-length buffer on the stack, and a remote attacker can exploit it to execute arbitrary code as the imaging service.

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Desktop Management. Authentication is not required to exploit this vulnerability.


Resolution

Fixed in ZENworks 7 Desktop Management on Linux Service Pack 1 Interim Release 4 Hot Patch 5. See KB 3484245 "Updates to Novell ZENworks 7 Desktop Management", which can be found at https://www.novell.com/support

For ZENworks 11: This is fixed in version 11.1. See KB 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes", which can be found at Novell Support.

This is fixed in version 11.2.1. See KB 7010042 "ZENworks Configuration Management 11.2.1 - update information and list of fixes", which can be found at Novell Support.

Status

Security Alert

Additional Information

This was reported as ZDI-CAN-847 by TippingPoint Corporation. This vulnerability was discovered by Francis Provencher for Protek Research Lab.