J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1537
    posted: 11/06/09
  • NSM Daily Update #1537
    posted: 11/06/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1537
    posted: 11/06/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/06/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/05/09

Title: Novell ZENworks Multiple Remote Pre-Authentication Buffer Overflow Vulnerabilities

Severity: CRITICAL

Description:

Novell ZENworks is a commercial enterprise desktop management package.

Novell ZENworks is prone to multiple remote pre-authentication buffer overflow vulnerabilities.

The issues exist in the 'zenrem32.exe' executable, which is a remote management service designed to allow an administrator to manage multiple host computers from a central server. The following individual issues are reported:

ZENworks is prone to multiple heap-based buffer overflow vulnerabilities. These issues exist because user-supplied values are sign extended and later incremented. A supplied value of -1, may result in a 0 being passed to memory allocation routines. The resulting insufficient chunks of memory may be populated with superfluous data, in turn resulting in the corruption of process memory.

These issues may be exploited by a remote attacker to execute arbitrary code in the context of the affected service.

ZENworks is prone to a stack-based memory buffer overflow vulnerability. The issue exists in the type 1 authentication request processing routines, and is because of a lack of sufficient boundary checks performed on supplied password values. Specifically, no length checks are performed on supplied password values before the password is copied into a finite 28-byte buffer in stack-based memory.

This issue may be leveraged by a remote attacker to execute arbitrary code in the context of the affected service.

ZENworks is prone to multiple stack-based memory buffer overflow vulnerabilities. These issues exist in type 2 authentication request processing routines, and are because of a lack of sufficient boundary checks performed on network data. Specifically, the issues manifest due to integer wraps and signed issues.

These issues may be exploited by a remote attacker to execute arbitrary code in the context of the affected service.

Affected Products:

  • Novell ZENworks Desktop Management 6.5.0
  • Novell ZENworks Remote Management
  • Novell ZENworks Server Management 6.5.0
  • Novell ZENworks for Desktops 3.2.0 SP2
  • Novell ZENworks for Desktops 4.0.0
  • Novell ZENworks for Desktops 4.0.1
  • Novell ZENworks for Servers 3.2.0

References:

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.