CVE-2011-3176

Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://download.novell.com/Download?buildid=rs4B5jhWKf8~
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html
http://www.exploit-db.com/exploits/19959
http://www.novell.com/support/viewContent.do?externalId=7010044
http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:zenworks_configuration_management:11.1:::::::*
	cpe:2.3:a:novell:zenworks_configuration_management:11.1a:::::::*

History

No history.

Information

Published : 2012-04-09 20:55

Updated : 2024-02-04 18:16

NVD link : CVE-2011-3176

Mitre link : CVE-2011-3176

CVE.ORG link : CVE-2011-3176

JSON object : View

Products Affected

novell

zenworks_configuration_management

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2011-3176", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-04-09T20:55:01.960", "references": [{"url": "http://download.novell.com/Download?buildid=rs4B5jhWKf8~", "source": "cve@mitre.org"}, {"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5127930.html", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/19959", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/support/viewContent.do?externalId=7010044", "source": "cve@mitre.org"}, {"url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=974", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el Servicio de prearranque de Novell ZENworks Configuration Management (ZCM) v11.1 y 11.1a permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una solicitud de c\u00f3digo de operaci\u00f3n (opcode) 0x4C."}], "lastModified": "2012-09-07T04:21:53.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A92B0C-7256-45F0-8E0C-ADFEF36CF43D"}, {"criteria": "cpe:2.3:a:novell:zenworks_configuration_management:11.1a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2446CA9A-9908-4270-9F4B-119835588D99"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}