Short Name |
APP:NOVELL:ZENWORKS-TFTPD-RCE |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell ZENworks Desktop Management on Linux TFTPD Code Execution |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Novell ZENworks Desktop Management on Linux. It is due to boundary error in the TFTPD server component. A successful attack can lead to arbitrary code execution.
Novell ZENworks Desktop Management is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions. ZENworks Desktop Management 7 SP1 is vulnerable.