APP: Novell ZENworks Configuration Management Preboot Service Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in Novell ZENworks Configuration Management. It is due to an input validation error in the Preboot Service when processing messages sent to port TCP/998. Remote attackers can exploit this to execute arbitrary code on the vulnerable system. In a successful code injection and execution attack, the behavior of the target machine is dependent on the intention of the malicious code. The code runs within the security context of the affected service, which is SYSTEM on Windows. In an unsuccessful attack, the affected service can terminate abnormally, leading to a denial-of-service condition.
Extended Description
Novell ZENworks Configuration Management is prone to an unspecified remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition. Versions prior to ZENworks Configuration Management 10.3 are vulnerable.
Affected Products
Novell zenworks_configuration_management
Short Name
APP:NOVELL:ZENWORKS-PREBOOT-SVC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer Configuration Management Novell Overflow Preboot Service ZENworks bid:39111 bid:40486
Release Date
10/25/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/998
False Positive
Unknown
Vendors
Novell