
Attack: Novell ZENworks Config Management

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow vulnerability in Novell ZENworks Configuration Management.

Additional Information

Novell ZENworks Configuration Management is an IT-management application.

ZENworks Configuration Management is prone to a stack-based buffer-overflow vulnerability. This issue affects the Preboot Service (novell-pbserv.exe), which is listening on TCP port 998 by default. Specifically, the application fails to validate length/value pairs included in a binary protocol against the size of a destination buffer.
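The missing validation described above, shown in its corrected form. This is an added example, not code from Novell or Symantec. The record layout (a 4-byte big-endian length followed by the value), the `FIELD_MAX` buffer size, the function names and the sample messages are all assumptions made for illustration and do not reflect the Preboot Service's actual wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 16                 /* hypothetical destination buffer size */
enum { LV_TRUNCATED = -1, LV_TOO_LONG = -2 };

/* Assumed record layout (not the real wire format): 4-byte big-endian
 * length, then that many value bytes. Returns bytes consumed or an error. */
long lv_read(const uint8_t *in, size_t in_len,
             uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (in_len < 4) return LV_TRUNCATED;         /* no room for a length */
    uint32_t len = ((uint32_t)in[0] << 24) | ((uint32_t)in[1] << 16) |
                   ((uint32_t)in[2] << 8)  |  (uint32_t)in[3];
    if (len > dst_cap) return LV_TOO_LONG;       /* fits the destination? */
    if (len > in_len - 4) return LV_TRUNCATED;   /* bytes actually present? */
    memcpy(dst, in + 4, len);
    *out_len = len;
    return 4 + (long)len;
}

/* Walk every pair in a message; returns the field count or an error. */
int lv_walk(const uint8_t *msg, size_t msg_len)
{
    uint8_t field[FIELD_MAX];                    /* fixed-size stack buffer */
    size_t off = 0, vlen = 0;
    int count = 0;
    while (off < msg_len) {
        long n = lv_read(msg + off, msg_len - off, field, sizeof field, &vlen);
        if (n < 0) return (int)n;                /* reject the whole message */
        off += (size_t)n;
        count++;
    }
    return count;
}

/* Constructed sample messages. */
static const uint8_t MSG_OK[]    = {0,0,0,3,'a','b','c', 0,0,0,0};
static const uint8_t MSG_LONG[]  = {0,0,1,0,'A'};      /* declares 256 bytes */
static const uint8_t MSG_SHORT[] = {0,0,0,8,'a','b'};  /* declares 8, has 2 */

int main(void)
{
    printf("%d %d %d\n", lv_walk(MSG_OK, sizeof MSG_OK),
           lv_walk(MSG_LONG, sizeof MSG_LONG), lv_walk(MSG_SHORT, sizeof MSG_SHORT));
    return 0;
}
```

Both checks compare the attacker-supplied length before any copy happens: once against the destination capacity and once against the bytes actually received, so neither an over-long declaration nor a truncated message reaches `memcpy`.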

An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will compromise the affected application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to ZENworks Configuration Management 10.3 are vulnerable.

Affected

  • Novell ZENworks Configuration Management 10.1.2 a
  • Novell ZENworks Configuration Management 10.1.2
  • Novell ZENworks Configuration Management 10.1

Response

Vendor updates are available.
