Lucene search
Francis Provencher for Protek Researchh Lab'sAbdulAziz Hariri of ThirdEyeTestersSilentSignalZDI-11-089HistoryFeb 17, 2011 - 12:00 a.m.
Novell ZenWorks TFTPD Remote Code Execution Vulnerability
2011-02-1700:00:00
Francis Provencher for Protek Researchh Lab'sAbdulAziz Hariri of ThirdEyeTestersSilentSignal
www.zerodayinitiative.com
12
0.954 High
EPSS
Percentile
99.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Configuration Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the novell-tftp.exe component which listens by default on UDP port 69. When handling a request the process blindly copies user supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the ZenWorks user.
Related
packetstorm
packetstorm
Novell ZenWorks 10 / 11 TFTPD Remote Code Execution
2011-02-19 00:00:00
IBM Lotus Domino LDAP Remote Code Execution
2011-02-19 00:00:00
securityvulns
securityvulns
ZDI-11-089: Novell ZenWorks TFTPD Remote Code Execution Vulnerability
2011-02-22 00:00:00
Novell ZenWorks TFTP Server buffer overflow
2011-02-22 00:00:00
cvelist
cvelist
CVE-2010-4323
2011-02-18 23:00:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2010-4323
2011-02-19 01:00:01
prion
prion
Heap overflow
2011-02-19 01:00:00
cve
cve
CVE-2010-4323
2011-02-19 01:00:01