| VID |
23134 |
| Severity |
40 |
| Port |
1761 |
| Protocol |
TCP |
| Class |
ZENworks |
| Detailed Description |
The Novell ZENworks software, according to its version number, has multiple buffer overflow vulnerabilities. Novell ZENworks provides Remote Management capabilities to large networks. Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management could allow a remote attacker to execute arbitrary code, caused by multiple stack-based and heap-based buffer overflow vulnerabilities in unspecified vectors and type 1, type 2 authentication requests. A remote unauthenticated attacker could exploit these vulnerabilities to execute arbitrary code on the affected system with the SYSTEM privileges.
* Note: This check solely relied on the version of the remote software to assess this vulnerability, so this might be a false positive.
* References:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm
http://archives.neohapsis.com/archives/bugtraq/2005-05/0223.html
http://www.rem0te.com/public/images/zen.pdf
* Platforms Affected:
Novell ZENworks for Desktops 4.x
Novell, Inc., Novell ZENworks Desktop Management 6.5
Novell, Inc., Novell ZENworks for Servers 3.x
Novell, Inc., Novell ZENworks Remote Management Any version
Novell, Inc., Novell ZENworks Server Management 6.5 |
| Recommendation |
Apply the appropriate fix for your system, as listed in Novell Technical Information Document TID10097644 at http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm |
| Related URL |
CVE-2005-1543 (CVE) |
| Related URL |
13678 (SecurityFocus) |
| Related URL |
20639,20644,20645 (ISS) |
|
