CVE-2011-3176

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.novell.com/support/viewContent.do?externalId=7010044
http://download.novell.com/Download?buildid=rs4B5jhWKf8~
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
http://www.exploit-db.com/exploits/19959

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*

Information

Published : 2012-04-09 13:55

Updated : 2012-09-06 21:21

NVD link : CVE-2011-3176

Mitre link : CVE-2011-3176

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

Products Affected

novell

zenworks_configuration_management

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.novell.com/support/viewContent.do?externalId=7010044", "name": "http://www.novell.com/support/viewContent.do?externalId=7010044", "tags": [], "refsource": "CONFIRM"}, {"url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "name": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974", "name": "20120314 Novell ZENworks Configuration Management PreBoot Service Opcode 0x4c Stack Buffer Overflow Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.exploit-db.com/exploits/19959", "name": "19959", "tags": [], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3176", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-04-09T20:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:zenworks_configuration_management:11.1a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-09-07T04:21Z"}