Novell ZENworks Configuration Management Preboot Service Code Execution

Added: 06/17/2010
BID: 39111
OSVDB: 65361

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Problem

An input validation error in the Preboot Service (novell-pbserv.exe) of Novell ZENworks Configuration Management 10.x prior to 10.3 allows remote attackers to execute arbitrary code on the vulnerable system.

Resolution

Apply the patches referenced in TID 7005455 to upgrade to ZENworks Configuration Management SP3 (10.3).

References

http://www.zerodayinitiative.com/advisories/ZDI-10-090/
http://www.novell.com/support/viewContent.do?externalId=7005572

Limitations

Exploit works on Novell ZENworks Configuration Management 10.2.0.

Platforms

Windows

Back to exploit index