Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.
Novell ZENworks Configuration Management before 11.2 is vulnerable to a stack buffer overflow when an attacker sends a specially crafted packet using opcode
**6c** to the Preboot Service (novell-pbserv.exe).
Apply the patches referenced in ZCM 11.1/11.1a fix for PreBoot Service Vulnerabilities to upgrade to ZENworks Configuration Management 11.2.
This exploit was tested with ZENworks Configuration Management 11.1a on Microsoft Windows Server 2003 SP2 English (DEP OptOut).