Security Vulnerability Heap Buffer Overflow with ZENworks 7 Handheld Management

  • 7007663
  • 25-Jan-2011
  • 16-Mar-2012

Environment

Novell ZENworks 7 Handheld Management - ZHM7

Situation

A Security Vulnerability exists in ZHM7 code which allows remote attackers to execute arbitrary code which can be made to overflow a heap buffer.  This can be abused by an attacker to execute remote code under the context of the application.

Resolution

To obtain a hot patch with the fix for this problem, follow the instructions in KB 3829982 "Updates to Novell ZENworks 7 Handheld Management" which can be found at https://www.novell.com/support

Status

Security Alert

Additional Information

- Credits: Junaid Bohio, Vulnerability Research Team, TELUS Security Labs (www.telussecuritylabs.com)
Also reported by: TippingPoint as ZDI-CAN-1071: discovered by:  * AbdulAziz Hariri