ZENworks 7 Handheld Management SP1 buffer overflow

This document (7007135) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks 7 Handheld Management - ZHM7

Situation

Under very specific circumstances, Zenworks Handheld Management (ZHM) can be vulnerable to a heap based buffer overflow. The execution requires system privileges and is very rare, however in worst case scenarios could be used to overrun buffers and disrupt proper execution of code.

Resolution

A fix for this issue is intended to be included in a future update to the product: however, in the interim, Novell has made a Patch available for testing, in the form of a Field Test File (FTF): it can be obtained at http://download.novell.com/Download?buildid=Sln2Lkqslmk~ as ZHM 7 Remote Code Execution Vulnerability. This Patch should only be applied if the symptoms above are being experienced, and are causing problems.

This Patch has had limited testing, and should not be used in a production system without first being checked in a test environment. Some Patches have specific requirements for deployment, it is very important to follow any instructions in the readme at the download site. Please report any problems encountered when using this Patch, by using the feedback link on this TID.

Status

Security Alert

Additional Information

Issue reported by Tippingpoint as ZDI-CAN-709

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

Document ID:7007135
Creation Date:02-NOV-10
Modified Date:16-MAR-12
- NovellZENworks Handheld Management

Did this document solve your problem? Provide Feedback

Knowledgebase