This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempt to exploit a buffer overflow vulnerability in Novell Zenworks
Novell ZENworks Configuration Management is an IT-management application.
ZENworks Configuration Management is prone to a stack-based buffer-overflow vulnerability. This issue affects the Preboot Service (novell-pbserv.exe), which is listening on TCP port 998 by default. Specifically, the application fails to validate length/value pairs included in a binary protocol against the size of a destination buffer.
An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the affected application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to ZENworks Configuration Management 10.3 are vulnerable.
- Novell ZENworks Configuration Management 10.1.2 a
- Novell ZENworks Configuration Management 10.1.2
- Novell ZENworks Configuration Management 10.1
Vendor updates are available.