Security Vulnerability Stack Overflow with ZDM7 Remote Management

  • 7007339
  • 08-Dec-2010
  • 30-Apr-2012

Environment

Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Remote Management

Situation

A Security Vulnerability exists in ZDM7 code which allows remote attackers to execute arbitrary code which can be made to overflow a stack buffer.  This can be abused by an attacker to execute remote code under the context of the system user.

Resolution

Fixed in ZENworks 7 Desktop Management Service Pack 1 Interim Release 4 Hot Patch 5, see KB 3484245 "Updates to Novell ZENworks 7 Desktop Management" which can be found at https://www.novell.com/support

Status

Security Alert

Additional Information

This issue was reported by Tippingpoint Corporation as ZDI-CAN-751 and was discovered by * sb.