
ZCM TFTPD Remote Code Execution Security Vulnerability

This document (7007896) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management

Situation

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Configuration Manager.

Resolution

For ZCM 11: This is fixed in version 11.1. See TID 7008746 "ZENworks Configuration Management 11.1 - update information and list of fixes", which can be found at https://www.novell.com/support

Workaround: if it is not possible to upgrade to 11.1 at this time, Novell has made a patch available in the interim. It can be obtained at https://download.novell.com/Download?buildid=KN7WZylayYc~ as "ZCM 11.0 TFTP vulnerability - see TID 7007896".

For ZCM 10.3.2: This is fixed in version 10.3.3. See TID 7007641 "ZENworks Configuration Management 10.3.3 - update information and list of fixes", which can be found at https://www.novell.com/support

Workaround: if it is not possible to upgrade to 10.3.2 at this time, Novell has made a patch available in the interim. It can be obtained at https://download.novell.com/Download?buildid=EXTzSp-HKZ8~ as "ZCM 10.3.2 TFTP vulnerability - see TID 7007896".

For ZCM 10.3.1: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available. It can be obtained at https://download.novell.com/Download?buildid=YO_dVg28uzY~ as "ZCM 10.3.1 TFTP vulnerability - see TID 7007896".

For earlier versions of ZCM 10: It will be necessary to upgrade to one of the above versions and apply the appropriate patch.

Status

Security Alert

Additional Information

Tracking as:
  • CVE-2010-4323
  • ZDI-CAN-877
Reported to Novell by TippingPoint and discovered by:
  • Francis Provencher for Protek Research Lab
  • SilentSignal
  

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7007896
  • Creation Date: 15-FEB-11
  • Modified Date: 27-APR-12
  • Product: Novell ZENworks Configuration Management
