[SA43379] Novell ZENworks Configuration Management novell-tftp.exe Buffer Overflow
Author: kkbass
Dated: Saturday, March 05 2011 @ 07:26 PM CST
Viewed: 1,270 times
Security

SECUNIA ADVISORY ID:
SA43379

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43379/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43379

RELEASE DATE:
2011-03-05

DISCUSS ADVISORY:
http://secunia.com/advisories/43379/#comments


DESCRIPTION:
A vulnerability has been reported in Novell ZENworks Configuration
Management, which can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused by a boundary error in
novell-tftp.exe when parsing requests. This can be exploited to cause
a heap-based buffer overflow via a specially crafted request sent to
UDP port 69.

The vulnerability is reported in versions 10.3.1, 10.3.2, and 11.0.
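
The advisory does not say which request field is mishandled, so the following added example (not Novell's code and not part of the advisory) shows the general defence for this bug class: a TFTP read/write request parser per RFC 1350 that checks every length before copying. The size limits and all function and struct names are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_MAX_PACKET 516 /* assumption: largest datagram accepted */
#define TFTP_MAX_NAME   255 /* assumption: local policy limit for filename */
#define TFTP_MAX_MODE   9   /* "netascii" (longest RFC 1350 mode) plus NUL */

struct tftp_request {
    uint16_t opcode;                  /* 1 = RRQ, 2 = WRQ */
    char filename[TFTP_MAX_NAME + 1];
    char mode[TFTP_MAX_MODE];
};

/* Copy one NUL-terminated field from buf[*off..len) into dst[cap].
   Returns 0 on success, -1 if the terminator is missing, the field is
   empty, or it would not fit in dst. */
static int take_cstring(const uint8_t *buf, size_t len, size_t *off,
                        char *dst, size_t cap)
{
    if (*off >= len) return -1;
    const uint8_t *end = memchr(buf + *off, 0, len - *off);
    if (end == NULL) return -1;            /* unterminated field */
    size_t n = (size_t)(end - (buf + *off));
    if (n == 0 || n >= cap) return -1;     /* empty, or would overflow dst */
    memcpy(dst, buf + *off, n + 1);        /* n bytes plus the NUL */
    *off += n + 1;
    return 0;
}

/* Parse an RRQ/WRQ datagram. Returns 0 on success, -1 on malformed input.
   Bytes after the mode string (RFC 2347 options) are ignored here. */
int tftp_parse_request(const uint8_t *buf, size_t len,
                       struct tftp_request *out)
{
    size_t off = 2;                        /* fields start after the opcode */
    if (buf == NULL || out == NULL) return -1;
    if (len < 6 || len > TFTP_MAX_PACKET) return -1;
    memset(out, 0, sizeof *out);
    out->opcode = (uint16_t)((buf[0] << 8) | buf[1]);
    if (out->opcode != 1 && out->opcode != 2) return -1;
    if (take_cstring(buf, len, &off, out->filename,
                     sizeof out->filename) != 0) return -1;
    if (take_cstring(buf, len, &off, out->mode,
                     sizeof out->mode) != 0) return -1;
    return 0;
}
```

The parser never trusts a length implied by the packet: each field must have its terminator inside the received datagram and must fit the destination buffer before any copy happens.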

SOLUTION:
Apply patches.

Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

PROVIDED AND/OR DISCOVERED BY:
Independently reported by:
* Francis Provencher, Protek Research Lab's via ZDI
* SilentSignal via ZDI
* AbdulAziz Hariri, ThirdEyeTesters via ZDI

ORIGINAL ADVISORY:
Novell:
http://www.novell.com/support/viewContent.do?externalId=7007896

ZDI-11-089:
http://www.zerodayinitiative.com/advisories/ZDI-11-089/

Protek Research Lab's:
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=22&Itemid=22


