[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: TELUS Security Labs VR - Novell ZENworks Handheld Management
From: noreply () telus ! com
Date: 2011-01-28 19:37:16
Message-ID: 201101281937.p0SJbGLS011259 () www3 ! securityfocus ! com
[Download RAW message or body]
Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
TSL ID: FSC20110125-06
1. Affected Software
Novell ZENworks Handheld Management 7.0
Reference: http://www.novell.com/products/zenworks/handhelds
2. Vulnerability Summary
A buffer overflow vulnerability exists in Novell ZENworks Handheld Management that \
could be exploited by remote unauthenticated attackers to execute arbitrary code with \
SYSTEM privileges on a vulnerable server.
3. Vulnerability Analysis
The vulnerability is due to a boundary error in the IP Conduit Service, ZfHIPCND.exe. \
If a crafted packet is sent to the service on port 2400/TCP, it allocates a fixed \
size heap buffer and copies the client device information into it without validating \
the string size. This could be exploited by attackers to overflow the buffer and \
possibly execute arbitrary code with the privileges of the ZfHIPCND.exe service, by \
default SYSTEM.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
ZENworks Handheld Management 7.0 (ZfHIPCND.exe version 7.0.2.1029 Build 10/29/10)
5. Workaround
Do not allow untrusted hosts to access the vulnerable service.
6. Vendor Response
Patches have been made available by the vendor to eliminate this vulnerability:
http://www.novell.com/support/viewContent.do?externalId=7007663
http://download.novell.com/Download?buildid=x_x4cdA5yT8~
7. Disclosure Timeline
2010-12-21 Reported to the vendor
2010-12-21 Vendor response
2011-01-25 Vendor released patches and advisory
2011-01-26 Published TSL advisory
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: Not available
Vendor: http://www.novell.com/support/viewContent.do?externalId=7007663
http://telussecuritylabs.com/threats/show/FSC20110125-06
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies is the leading provider of \
security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security \
product vendors with newly discovered commercial product vulnerabilities and malware \
attacks. Many of our services are provided on a subscription basis to reduce research \
costs for our customers. Over 50 of the world's leading security product vendors rely \
on TELUS Security Labs research.
http://telussecuritylabs.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic