Source: SAINT Corporation (saint)
ID: SAINT:9E057DF1EB016915529A75B2E3791E79
History: Apr 06, 2012 - 12:00 a.m.

Novell ZENworks Configuration Management Preboot Service Opcode 6c Vulnerability

2012-04-06 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.971
Percentile: 99.8%

Added: 04/06/2012
CVE: CVE-2011-3176
BID: 52659
OSVDB: 80231

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Problem

Novell ZENworks Configuration Management before 11.2 is vulnerable to a stack buffer overflow when an attacker sends a specially crafted packet using opcode **6c** to the Preboot Service (novell-pbserv.exe).

Resolution

Apply the patches referenced in "ZCM 11.1/11.1a fix for PreBoot Service Vulnerabilities" to upgrade to ZENworks Configuration Management 11.2.

References

<http://securitytracker.com/id/1026835>

Limitations

This exploit was tested with ZENworks Configuration Management 11.1a on Microsoft Windows Server 2003 SP2 English (DEP OptOut).

Platforms

Windows
