Novell ZENworks Asset Management Collection Client Remote Overflow

critical Nessus Plugin ID 23787

Synopsis

Arbitrary code can be executed on the remote host.

Description

The remote host is running Novell ZENworks Asset (or Inventory) Management, a remote desktop and network management software.

The remote version of this software has multiple heap overflow vulnerabilities that may be exploited by an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

Solution

See the vendor advisory for update information.

See Also

http://www.nessus.org/u?9ff412fd

Plugin Details

Severity: Critical

ID: 23787

File Name: novell_zenworks_asset_heap.nasl

Version: 1.14

Type: remote

Published: 12/11/2006

Updated: 7/16/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/30/2006

Vulnerability Publication Date: 12/1/2006

Reference Information

CVE: CVE-2006-6299

BID: 21395, 21400