CVE-2011-3175

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
http://www.novell.com/support/viewContent.do?externalId=7010044
http://download.novell.com/Download?buildid=rs4B5jhWKf8~
http://www.exploit-db.com/exploits/19958

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*

Information

Published : 2012-04-09 13:55

Updated : 2012-09-06 21:21

NVD link : CVE-2011-3175

Mitre link : CVE-2011-3175

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

novell

zenworks_configuration_management

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973", "name": "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x6c Stack Buffer Overflow Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.novell.com/support/viewContent.do?externalId=7010044", "name": "http://www.novell.com/support/viewContent.do?externalId=7010044", "tags": [], "refsource": "CONFIRM"}, {"url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "name": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.exploit-db.com/exploits/19958", "name": "19958", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3175", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-04-09T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:zenworks_configuration_management:11.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-09-07T04:21Z"}