nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.NOVELL_ZENWORKS_ASSET_HEAP.NASL
HistoryDec 11, 2006 - 12:00 a.m.

Novell ZENworks Asset Management Collection Client Remote Overflow

2006-12-11 00:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
10

The remote host is running Novell ZENworks Asset (or Inventory) Management, a remote desktop and network management product.

The remote version of this software has multiple heap overflow vulnerabilities that may be exploited by an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description`
# set, only the metadata below is recorded and exit(0) returns before any
# network activity in the check section takes place.
if (description)
{
  # Plugin identity and the public identifiers this check maps to.
  script_id(23787);
  script_version("1.14");

  script_cve_id("CVE-2006-6299");
  script_bugtraq_id(21395, 21400);

  script_name(english:"Novell ZENworks Asset Management Collection Client Remote Overflow");

  # Text shown in the scan report.
  script_set_attribute(attribute:"synopsis", value:"Arbitrary code can be executed on the remote host.");
  script_set_attribute(attribute:"description", value:
"The remote host is running Novell ZENworks Asset (or Inventory)
Management, a remote desktop and network management software. 

The remote version of this software has multiple heap overflow
vulnerabilities that may be exploited by an attacker to execute
arbitrary code on the remote host with SYSTEM privileges.");
  script_set_attribute(attribute:"solution", value:"See the vendor advisory for update information.");

  # CVSS v2 base vector: network-reachable, low complexity, no
  # authentication, complete confidentiality/integrity/availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  # CVSS v2 temporal vector: exploitability unproven, official fix
  # available, report confirmed.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_2974824.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9ff412fd");

  # Timeline: the patch date precedes the disclosure date.
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/12/11");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/30");
  script_cvs_date("Date: 2018/07/16 14:09:13");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # Scheduling information: an information-gathering check that runs after
  # the detection plugin and only when TCP port 7461 is open.
  script_summary(english:"Determines if ZENWorks Asset Management is vulnerable to an Heap Overflow");
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
  script_family(english:"Gain a shell remotely");
  script_dependencies("novell_asset_management_detect.nasl");
  script_require_ports(7461);
  exit(0);
}

include ("byte_func.inc");

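# Check section: sends one fixed request to the collection client and
# reports the host when the reply carries the "TS.Census module" marker.
#
# Every early exit below is silent, so "no finding" only means the check
# did not fire (service not detected, port closed, connection refused or
# no matching reply). It is not proof that the host is patched.

# Run only when the "Novell/AMCC" knowledge-base flag is set, presumably by
# the novell_asset_management_detect.nasl dependency (confirm in that plugin).
if (!get_kb_item("Novell/AMCC"))
  exit(0);

# mkword()/mkdword() below emit their values in little-endian byte order.
set_byte_order(BYTE_ORDER_LITTLE_ENDIAN);

# The port is fixed here rather than read from the knowledge base, so an
# instance listening on another port is not examined.
port = 7461;

if (!get_tcp_port_state(port))
  exit(0);

soc = open_sock_tcp(port);
if (!soc)
  exit(0);

# 24-byte request: one zero byte, 13 zero bytes of filler, three 16-bit
# fields (0, 0xfe, 0) and a final 32-bit length field.
req = mkbyte(0x00) + crap(data:raw_string(0), length:0x0d) + mkword(0) +
      mkword(0xfe) +
      mkword(0x0) +
      mkdword(0x40001);  # new check on the length (<= 0x40000)
# NOTE(review): the length is one above the 0x40000 limit named in the
# comment above; presumably a fixed service rejects it and does not send
# the marker checked below. Confirm against the vendor advisory.

send(socket:soc, data:req);
res = recv(socket:soc, length:4096);

# Release the connection once the single reply has been read; the original
# left the socket open until the script ended.
close(soc);

# recv() returns NULL on timeout or reset; treat that as "no evidence".
if (!isnull(res) && "TS.Census module" >< res)
{
  security_hole(port);
}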