TFTP: Novell ZENworks Desktop Management on Linux TFTPD Code Execution (1)
This signature detects attempts to exploit a known vulnerability against Novell ZENworks Desktop Management on Linux. It is due to boundary error in the TFTPD server component. A successful attack can lead to arbitrary code execution.
Extended Description
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
Affected Products
Novell zenworks_configuration_manager
Short Name
TFTP:ZENWORKS-TFTPD-CE-1
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
TFTP
Keywords
(1) CVE-2010-4323 Code Desktop Execution Linux Management Novell TFTPD ZENworks bid:45378 on
Release Date
07/18/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Novell
CVSS Score
7.5