Short Name |
APP:NOVELL:ZENWORKS-PREBOOT-SVC |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell ZENworks Configuration Management Preboot Service Buffer Overflow |
Release Date |
2010/10/25 |
Update Number |
1798 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known buffer overflow vulnerability in Novell ZENworks Configuration Management. It is due to an input validation error in the Preboot Service when processing messages sent to port TCP/998. Remote attackers can exploit this to execute arbitrary code on the vulnerable system. In a successful code injection and execution attack, the behavior of the target machine is dependent on the intention of the malicious code. The code runs within the security context of the affected service, which is SYSTEM on Windows. In an unsuccessful attack, the affected service can terminate abnormally, leading to a denial-of-service condition.
Novell ZENworks Configuration Management is prone to an unspecified remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to ZENworks Configuration Management 10.3 are vulnerable.