Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability

Bugtraq ID:	21395
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 01 2006 12:00AM
Updated:	Dec 02 2006 01:39AM
Credit:	Eric Detoisien of iDefense is credited with the discovery of this issue.
Vulnerable:	Novell ZENworks Asset Management 7.0 SP1
Not Vulnerable:

Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability

Novell ZENworks Asset Management is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. A successful attack could result in the complete compromise of the computer. Failed attempts will likely cause denial-of-service conditions.

Novell ZENworks Asset Management 7.0 SP1 is vulnerable; other versions may also be affected.

Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability

Solution:
The vendor has released version 7 Asset Management SP1 IR11 to address this issue. Please see the references for more information.


Novell ZENworks Asset Management 7.0 SP1

• Novell zam700sp1ir11.exe
  http://support.novell.com/servlet/filedownload/pub/zam700sp1ir11.exe

Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability

References:

• TID2974824 - ZENworks 7 Asset Management SP1 IR11 (Novell)
  
• ZENworks Product Page (Novell)
  
• iDefense Security Advisory 12.01.06: Novell ZENworks Asset Management Msg.dll H (iDefense Labs)