Signature Detail

APP: Novell ZENworks Configuration Management Preboot Service Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in Novell ZENworks Configuration Management. It is due to an input validation error in the Preboot Service when processing messages sent to port TCP/998. Remote attackers can exploit this to execute arbitrary code on the vulnerable system. In a successful code injection and execution attack, the behavior of the target machine is dependent on the intention of the malicious code. The code runs within the security context of the affected service, which is SYSTEM on Windows. In an unsuccessful attack, the affected service can terminate abnormally, leading to a denial-of-service condition.

Extended Description

Novell ZENworks Configuration Management is prone to an unspecified remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to ZENworks Configuration Management 10.3 are vulnerable.

Affected Products

• Novell ZENworks Configuration Management 10.1
• Novell ZENworks Configuration Management 10.1.2
• Novell ZENworks Configuration Management 10.1.2 A

References

• BugTraq: 39111
• BugTraq: 40486
• URL: http://www.novell.com/support/kb/doc.php?id=7005572