Novell ZENworks Remote Management authentication buffer overflow

2006-03-02T00:00:00
ID SAINT:CDCCD3F9E6879437D2D0E8E94B5CDAEC
Type saint
Reporter SAINT Corporation
Modified 2006-03-02T00:00:00

Description

Added: 03/02/2006
CVE: CVE-2005-1543
BID: 13678
OSVDB: 16698

Background

Novell ZENworks is a resource management solution consisting of a management server and management agents.

Problem

The Novell ZENworks Remote Management service is affected by a buffer overflow when processing authentication requests. An attacker could execute arbitrary commands by sending a specially crafted type 1 authentication request containing a long password.

Resolution

Apply the fix referenced in TID 10097644.

References

http://marc.theaimsgroup.com/?l=bugtraq&m=111645317713662&w=2

Limitations

Exploit works on Novell ZENworks Remote Management Agent 6.5.

Platforms

Windows