nessus | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. | NOVELL_ZENWORKS_ASSET_HEAP.NASL
History: Dec 11, 2006 - 12:00 a.m.

Novell ZENworks Asset Management Collection Client Remote Overflow

2006-12-11 00:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
14

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.128 Low

EPSS

Percentile

95.5%

The remote host is running Novell ZENworks Asset (or Inventory) Management, a remote desktop and network management product.

The remote version of this software has multiple heap overflow vulnerabilities that may be exploited by an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration block: runs only when the scanner engine sets `description`
# to collect plugin metadata. It ends with exit(0), so none of the network
# code further down executes in this mode.
if(description)
{
 # Plugin identity and revision.
 script_id(23787);
 script_version("1.14");

 # Public identifiers this check maps to (one CVE, two Bugtraq entries).
 script_cve_id("CVE-2006-6299");
 script_bugtraq_id(21395, 21400);

 script_name(english:"Novell ZENworks Asset Management Collection Client Remote Overflow");
 
 # Report text shown to the operator when the check fires.
 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote host is running Novell ZENworks Asset (or Inventory)
Management, a remote desktop and network management software. 

The remote version of this software has multiple heap overflow
vulnerabilities that may be exploited by an attacker to execute
arbitrary code on the remote host with SYSTEM privileges." );
 script_set_attribute(attribute:"solution", value: "See the vendor advisory for update information.");
 # CVSS v2 base vector: network reachable, low complexity, no authentication,
 # complete loss of confidentiality, integrity and availability.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
 # CVSS v2 temporal vector: exploitability unproven (E:U), official fix
 # available (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 # Vendor readme that the shortened see_also link below stands for:
 # http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_2974824.html
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ff412fd" );

 # Timeline: vendor patch 2006/11/30, public disclosure 2006/12/01,
 # plugin released 2006/12/11.
 script_set_attribute(attribute:"plugin_publication_date", value: "2006/12/11");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/12/01");
 script_set_attribute(attribute:"patch_publication_date", value: "2006/11/30");
 script_cvs_date("Date: 2018/07/16 14:09:13");
# "remote": the finding is derived from network traffic, not local access.
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 
 script_summary(english:"Determines if ZENWorks Asset Management is vulnerable to an Heap Overflow");
 # NOTE(review): registered as ACT_GATHER_INFO although the check body
 # sends a crafted request with an out-of-range length value to the
 # service; confirm that category matches the scan policy's expectations
 # for fragile hosts.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Gain a shell remotely");
 # The detection plugin must run first; the check body reads the
 # "Novell/AMCC" KB key, presumably populated by this dependency.
 script_dependencies("novell_asset_management_detect.nasl");
 # The check body is hard-wired to TCP 7461.
 script_require_ports(7461);
 exit(0);
}

include ("byte_func.inc");

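# Only test hosts on which the Asset Management Collection Client has
# already been identified (KB key presumably set by the
# novell_asset_management_detect.nasl dependency -- confirm).
if (!get_kb_item("Novell/AMCC"))
  exit (0);

# mkword()/mkdword() below serialise their values in this byte order.
set_byte_order(BYTE_ORDER_LITTLE_ENDIAN);

port = 7461;

if (!get_tcp_port_state(port))
  exit(0);

soc = open_sock_tcp (port);
if (!soc)
  exit(0);

# Probe layout as built here: one zero byte, 0x0d zero bytes, then the
# words 0, 0xfe, 0 and a final dword of 0x40001. According to the original
# author's note, fixed builds validate that dword against 0x40000, so the
# probe declares a value one above that bound.
# NOTE(review): the plugin equates a "TS.Census module" reply with the
# unpatched behaviour; what a fixed service answers is not shown in this
# file, so confirm before treating silence as proof of patching.
req = mkbyte (0x00) + crap(data:raw_string(0), length:0x0d) + mkword (0) +
	mkword (0xfe) +
	mkword (0x0) +
	mkdword (0x40001);  # new check on the length (<= 0x40000)

send(socket:soc, data:req);
res = recv (socket:soc, length:4096);

# Release the connection on every path; the original never closed the
# socket, leaving it open until the plugin process ended.
close(soc);

# No reply (timeout or reset) gives nothing to evaluate.
if (isnull(res))
  exit(0);

if ("TS.Census module" >< res)
{
  security_hole(port);
}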
