Novell ZENworks Configuration Management Preboot Service Opcode 4c Vulnerability

Added: 03/28/2012
CVE: CVE-2011-3176
BID: 52659
OSVDB: 80231

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Problem

Novell ZENworks Configuration Management before 11.2 is vulnerable to a stack buffer overflow when an attacker sends a specially crafted packet using opcode 4c to the Preboot Service (novell-pbserv.exe).

Resolution

Apply the patches referenced in ZCM 11.1/11.1a fix for PreBoot Service Vulnerabilities to upgrade to ZENworks Configuration Management 11.2.

References

http://securitytracker.com/id/1026835

Limitations

This exploit was tested with ZENworks Configuration Management 11.1a on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.

Platforms

Windows

Back to exploit index