[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    TELUS Security Labs VR - Novell ZENworks Handheld Management
From:       noreply () telus ! com
Date:       2011-01-28 19:37:16
Message-ID: 201101281937.p0SJbGLS011259 () www3 ! securityfocus ! com
[Download RAW message or body]

Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow

TSL ID: FSC20110125-06

1. Affected Software

    Novell ZENworks Handheld Management 7.0

Reference: http://www.novell.com/products/zenworks/handhelds

2. Vulnerability Summary

A buffer overflow vulnerability exists in Novell ZENworks Handheld Management that \
could be exploited by remote unauthenticated attackers to execute arbitrary code with \
SYSTEM privileges on a vulnerable server.

3. Vulnerability Analysis

The vulnerability is due to a boundary error in the IP Conduit Service, ZfHIPCND.exe. \
If a crafted packet is sent to the service on port 2400/TCP, it allocates a fixed \
size heap buffer and copies the client device information into it without validating \
the string size. This could be exploited by attackers to overflow the buffer and \
possibly execute arbitrary code with the privileges of the ZfHIPCND.exe service, by \
default SYSTEM.

4. Vulnerability Detection

TELUS Security Labs has confirmed the vulnerability in:

    ZENworks Handheld Management 7.0 (ZfHIPCND.exe version 7.0.2.1029 Build 10/29/10)

5. Workaround

Do not allow untrusted hosts to access the vulnerable service.

6. Vendor Response

Patches have been made available by the vendor to eliminate this vulnerability:

http://www.novell.com/support/viewContent.do?externalId=7007663
http://download.novell.com/Download?buildid=x_x4cdA5yT8~

7. Disclosure Timeline

  2010-12-21 Reported to the vendor
  2010-12-21 Vendor response
  2011-01-25 Vendor released patches and advisory
  2011-01-26 Published TSL advisory

8. Credits

Junaid Bohio of Vulnerability Research Team, TELUS Security Labs

9. References

  CVE: Not available 

  Vendor: http://www.novell.com/support/viewContent.do?externalId=7007663

  http://telussecuritylabs.com/threats/show/FSC20110125-06

10. About TELUS Security Labs

TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of \
security research. Our research services include:

    * Vulnerability Research
    * Malware Research
    * Signature Development
    * Shellcode Exploit Development
    * Application Protocols
    * Product Security Testing
    * Security Content Development (parsers, reports, alerts)

TELUS Security Labs provides a specialized portfolio of services to assist security \
product vendors with newly discovered commercial product vulnerabilities and malware \
attacks. Many of our services are provided on a subscription basis to reduce research \
costs for our customers. Over 50 of the world's leading security product vendors rely \
on TELUS Security Labs research.

http://telussecuritylabs.com


[prev in list] [next in list] [prev in thread] [next in thread]