=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN441
_____________________________________________________________________

DATE                      : 09/11/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Novell ZENworks 7 Handheld Management.

======================================================================
http://www.novell.com/support/viewContent.do?externalId=7007135&sliceId=1
______________________________________________________________________


ZENworks 7 Handheld Management SP1 buffer overflow

This document (7007135) is provided subject to the disclaimer at the
end of this document.


Environment
Novell ZENworks 7 Handheld Management - ZHM7


Situation
Under very specific circumstances, Zenworks Handheld Management (ZHM)
can be vulnerable to a heap based buffer overflow.  The execution requires
system privileges and is very rare, however in worst case scenarios could
be used to overrun buffers and disrupt proper execution of code.


Resolution
A fix for this issue is intended to be included in a future update
to the product: however, in the interim, Novell has made a Patch available
for testing, in the form of a Field Test File (FTF): it can be obtained
at http://download.novell.com/Download?buildid=Sln2Lkqslmk~ as ZHM 7 Remote
Code Execution Vulnerability. This Patch should only be applied if the
symptoms above are being experienced, and are causing problems.

This Patch has had limited testing, and should not be used
in a production system without first being checked in a test
environment. Some Patches have specific requirements for deployment,
it is very important to follow any instructions in the readme
at the download site. Please report any problems encountered
when using this Patch, by using the feedback link on this TID.


Status
Security Alert

Additional Information
Issue reported by Tippingpoint as ZDI-CAN-709
Document
Document ID:	7007135
Creation Date:	11-02-2010
Modified Date:	11-02-2010
Novell Product:	ZENworks Handheld Management


Disclaimer

The Origin of this information may be internal or external to
Novell. Novell makes all reasonable efforts to verify this
information. However, the information provided in this document
is for your information only. Novell makes no explicit or implied
claims to the validity of this information.
Any trademarks referenced in this document are the property of
their respective owners. Consult your product manuals for complete
trademark information.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================