Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
TFTP:ZENWORKS-TFTPD-CE-1 |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
TFTP |
Keywords |
Novell ZENworks Desktop Management on Linux TFTPD Code Execution (1) |
Release Date |
2019/07/18 |
Update Number |
3190 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
TFTP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution (1)
This signature detects attempts to exploit a known vulnerability against Novell ZENworks Desktop Management on Linux. It is due to boundary error in the TFTPD server component. A successful attack can lead to arbitrary code execution.
Extended Description
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
Affected Products
- Novell zenworks_configuration_manager 10.3.1
- Novell zenworks_configuration_manager 10.3.2
- Novell zenworks_configuration_manager 11.0
References
- BugTraq: 45378
- CVE: CVE-2010-4323