Novell ZENworks Handheld Management ZfHIPCND.exe Crafted TCP Request Remote Overflow

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a network service that is prone to a
buffer overflow attack.

Description :

According to its build date, the version of the ZENworks Handheld
Management Access Point process (ZfHIPCND.exe) on the remote host is
affected by a buffer overflow vulnerability due to a failure to
accommodate variable-sized data during initialization of a buffer.

By default, this process listens on TCP port 2400. An
unauthenticated, remote attacker that can connect to that port can
leverage this issue to execute arbitrary code in the context of the
affected application, which runs with SYSTEM privileges.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-026/
http://seclists.org/fulldisclosure/2011/Jan/472
http://www.securityfocus.com/archive/1/archive/1/516045/100/0/threaded
http://www.novell.com/support/viewContent.do?externalId=7007663
http://download.novell.com/Download?buildid=x_x4cdA5yT8~

Solution :

Apply ZENworks 7 Handheld Management Support Pack 1 Interim Release 4
Hot Patch 6 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 51833

Bugtraq ID: 46024

CVE ID: CVE-2011-0742
