CVE-2011-3175

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://download.novell.com/Download?buildid=rs4B5jhWKf8~
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
http://www.exploit-db.com/exploits/19958
http://www.novell.com/support/viewContent.do?externalId=7010044
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*

History

No history.

Information

Published : 2012-04-09 20:55

Updated : 2012-09-07 04:21

NVD link : CVE-2011-3175

Mitre link : CVE-2011-3175

CVE.ORG link : CVE-2011-3175

JSON object : View

Products Affected

novell

zenworks_configuration_management

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-3175", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-04-09T20:55:01.820", "references": [{"url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/19958", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/viewContent.do?externalId=7010044", "source": "cve@mitre.org"}, {"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=973", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una solicitud de c\u00f3digo de operaci\u00f3n (opcode) 0x6C."}], "lastModified": "2012-09-07T04:21:53.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D"}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2446CA9A-9908-4270-9F4B-119835588D99"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

10.0 /10