Security Vulnerability with ZCM Preboot Service

  • 7005572
  • 30-Mar-2010
  • 30-Apr-2012

Environment

Novell ZENworks 10 Configuration Management Imaging

Situation

A vulnerability exists with Novell ZENworks Configuration Management Preboot Service that allows remote attackers to execute arbitrary code on certain installations of Novell ZENworks.

Resolution

This is fixed in version 10.3 - see KB 7005455 "ZENworks Configuration Management SP3 (10.3) - update information and list of fixes" which can be found at https://www.novell.com/support

Status

Security Alert

Additional Information

This Issue was reported as ZDI-CAN-679: Novell ZENworks Configuration Management Preboot Service  by TippingPoint.  This vulnerability was discovered by:  Stephen Fewer of Harmony Security