Novell ZENworks Configuration Management Preboot Service Code Execution

2010-06-17T00:00:00
ID SAINT:E512E5170BE499158A5C6B8248A32ADB
Type saint
Reporter SAINT Corporation
Modified 2010-06-17T00:00:00

Description

Added: 06/17/2010
BID: 39111
OSVDB: 65361

Background

Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a client/server architecture.

Problem

An input validation error in the Preboot Service (novell-pbserv.exe) of Novell ZENworks Configuration Management 10.x prior to 10.3 allows remote attackers to execute arbitrary code on the vulnerable system.

Resolution

Apply the patches referenced in TID 7005455 to upgrade to ZENworks Configuration Management SP3 (10.3).

References

<http://www.zerodayinitiative.com/advisories/ZDI-10-090/>
<http://www.novell.com/support/viewContent.do?externalId=7005572>

Limitations

Exploit works on Novell ZENworks Configuration Management 10.2.0.

Platforms

Windows