Advisory Details

November 7th, 2010

Novell ZENworks Handheld Management ZfHIPCND.exe Remote Code Execution Vulnerability

ZDI-10-230
ZDI-CAN-709

CVE ID
CVSS SCORE 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
AFFECTED VENDORS Novell
AFFECTED PRODUCTS ZENworks
TIPPINGPOINT™ IPS CUSTOMER PROTECTION TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 10642. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Handheld Management. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the ZfHIPCND.exe module. This process is responsible for handling the data received on TCP port 2400. The module reads in the data stream and copies the specified number of bytes into a fixed-length buffer located in the heap. An attacker can overflow this buffer and execute arbitrary code with SYSTEM privileges.
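
The flaw class described above (a byte count taken from the stream and used as the copy size into a fixed-length heap buffer), shown beside a bounds-checked form. This is an added example, not Novell's code and not part of the original advisory. The 4-byte length prefix, `MSG_BUF_SIZE` and all function names are hypothetical, because the advisory does not describe the actual message format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_BUF_SIZE 256u /* assumed fixed heap buffer size (not from the advisory) */
#define HDR_SIZE 4u       /* assumed 4-byte big-endian length prefix (hypothetical) */

/* Read the sender-declared payload length from the hypothetical header. */
static uint32_t declared_len(const uint8_t *pkt) {
    return ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
           ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];
}

/* Flawed pattern: the copy size comes from the stream and is never
 * compared with the destination size. Kept only for contrast. */
uint8_t *copy_unchecked(const uint8_t *pkt) {
    uint8_t *buf = malloc(MSG_BUF_SIZE);
    if (!buf) return NULL;
    memcpy(buf, pkt + HDR_SIZE, declared_len(pkt)); /* overflows if > MSG_BUF_SIZE */
    return buf;
}

/* Checked form: reject the message unless the declared length fits the
 * destination buffer AND is backed by bytes actually received. */
uint8_t *copy_checked(const uint8_t *pkt, size_t pkt_len, size_t *out_len) {
    if (pkt == NULL || out_len == NULL || pkt_len < HDR_SIZE) return NULL;
    uint32_t n = declared_len(pkt);
    if (n > MSG_BUF_SIZE) return NULL;       /* would overflow the heap buffer */
    if (n > pkt_len - HDR_SIZE) return NULL; /* would read past the received data */
    uint8_t *buf = malloc(MSG_BUF_SIZE);
    if (!buf) return NULL;
    memcpy(buf, pkt + HDR_SIZE, n);
    *out_len = n;
    return buf;
}

int main(void) {
    /* Constructed sample: header declares 4096 bytes, buffer holds 256. */
    const uint8_t oversized[HDR_SIZE] = {0x00, 0x00, 0x10, 0x00};
    size_t n = 0;
    uint8_t *b = copy_checked(oversized, sizeof oversized, &n);
    printf("oversized declared length: %s\n", b ? "accepted" : "rejected");
    free(b);
    return 0;
}
```

Both checks matter: the first protects the destination buffer, the second prevents trusting a length that exceeds the data actually read from the socket.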

VENDOR RESPONSE Novell states:

TID 7007135:
http://www.novell.com/support/viewContent.do?externalId=7007135&sliceId=1

Patch link, located in the TID:
http://download.novell.com/Download?buildid=Sln2Lkqslmk~


DISCLOSURE TIMELINE
  • 2010-08-25 - Vulnerability reported to vendor
  • 2010-11-07 - Coordinated public release of advisory
CREDIT Anonymous