In association with heise online

04 December 2006, 12:24

Update for Novell ZENworks closes critical security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Novell has released an update for ZENworks Asset Management, a management and administration solution. It is intended to remove buffer overflows in the task server, collection server and collection client. According to reports from iDefense, attackers could use specific packets to remotely provoke buffer overflows and execute malicious code. On Windows systems the code then ran under the context system, in Unix as root.

All three vulnerabilities are based on a bug in the Msg.dll library as found in Novell ZENworks 7 Asset Management Support Pack 1 Interim Release 10 and prior versions. The collection client contains a static link to that library as well, meaning that the bug is also contained in CClient.exe, iDefense reports. The interim release SP1 IR11 fixes the bug.

Please see also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit