SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ZENworks Remote Control Vendors:   Novell
ZENworks Remote Control Help Function Lets Local Users Gain System Privileges
SecurityTracker Alert ID:  1011931
SecurityTracker URL:  http://securitytracker.com/id/1011931
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 26 2004
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 4.0.1 - ZfD4.0.1
Description:   A vulnerability was reported in ZENworks Remote Control Help. A local user can launch application with system rights.

Novell reported that a local user can right click on the system tray icon for the Remote Management Agent and then select the Help function to launch Microsoft's HTML Help program. Then, the user can click on the Control Box, select "jump to URL", and enter a local file to cause the specified file to execute with the privileges of the Remote Management Agent (i.e., System level privileges).

Impact:   A local user can execute arbitrary applications with System privileges.
Solution:   The vendor has issued a fixed version (ZfDAgent.msi 4.00.1114.40909, dated 9 Sept 2004, or newer), available as part of zfd401_ir5.exe or newer at Novell Product Updates:

http://support.novell.com/filefinder/

Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/10095153.htm (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC