Novell ZENworks Configuration Management < 10 SP3 Multiple Flaws

critical Nessus Plugin ID 45569

Language:

Synopsis

The remote Windows host contains an application that is affected by multiple vulnerabilities.

Description

ZENworks Configuration Management, a configuration management software from Novell, is installed on the remote Windows host.

According to its version, it is affected by several vulnerabilities :

- An unspecified vulnerability in ZCM Preboot Service may allow an attacker to execute arbitrary code on the remote system. (TID 7005572)

- An unspecified vulnerability in ZCM Remote Execution may allow an attacker to execute arbitrary code on the remote system. (TID 7005573)

Solution

Upgrade to ZENworks 10 Configuration Management SP3 (10.3) or later.

See Also

https://support.microfocus.com/kb/doc.php?id=7005572

https://support.microfocus.com/kb/doc.php?id=7005573

https://www.zerodayinitiative.com/advisories/ZDI-10-078/

https://www.zerodayinitiative.com/advisories/ZDI-10-090/

Plugin Details

Severity: Critical

ID: 45569

File Name: novell_zcm_10_3.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 4/19/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

CPE: cpe:/a:novell:zenworks_configuration_management

Required KB Items: SMB/Novell/ZENworks/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2010

Vulnerability Publication Date: 3/30/2010

Exploitable With

Metasploit (Novell ZENworks Configuration Management Preboot Service 0x06 Buffer Overflow)

Elliot (Novell ZENworks Configuration Management File Upload)

Reference Information

BID: 39111, 39114, 40486

Secunia: 39212