Novell ZENworks Asset Management Collection Client Remote Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host.

Description :

The remote host is running Novell ZENworks Asset (or Inventory)
Management, a remote desktop and network management software.

The remote version of this software has multiple heap overflow
vulnerabilities that may be exploited by an attacker to execute
arbitrary code on the remote host with SYSTEM privileges.

See also :

http://www.nessus.org/u?9ff412fd

Solution :

See the vendor advisory for update information.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Gain a shell remotely

Nessus Plugin ID: 23787 ()

Bugtraq ID: 21395
21400

CVE ID: CVE-2006-6299