CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.8%
Added: 04/06/2012
CVE: CVE-2011-3176
BID: 52659
OSVDB: 80231
Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.
Novell ZENworks Configuration Management before 11.2 is vulnerable to a stack buffer overflow when an attacker sends a specially crafted packet using opcode **6c**
to the Preboot Service (novell-pbserv.exe).
Apply the patches referenced in ZCM 11.1/11.1a fix for PreBoot Service Vulnerabilities to upgrade to ZENworks Configuration Management 11.2.
<http://securitytracker.com/id/1026835>
This exploit was tested with ZENworks Configuration Management 11.1a on Microsoft Windows Server 2003 SP2 English (DEP OptOut).
Windows