Novell ZENworks Handheld Management ZfHIPCND.exe Unspecified Buffer Overflow

This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.


Synopsis :

The remote host is running a server that is affected by a remote heap
overflow vulnerability.

Description :

A vulnerability exists in the server ZfHIPCND.exe, which handles the
data received on TCP port 2400. An attacker can overflow a buffer on a
heap belonging to the server and possibly execute arbitrary code with
SYSTEM privileges. Authentication is not required to exploit this
vulnerability.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-230/
http://www.nessus.org/u?1a78ca9d

Solution :

Apply patch ZHM_635573_29102010 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:U/RL:TF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 50679 ()

Bugtraq ID: 44700

CVE ID: CVE-2010-4299

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now