=====================================================================
                            CERT-Renater

                 Information Note No. 2011/VULN056
_____________________________________________________________________

DATE                 : 26/01/2011

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Novell ZENworks 7 Handheld Management.

======================================================================
http://www.novell.com/support/viewContent.do?externalId=7007663
______________________________________________________________________

Security Vulnerability Buffer Overflow with ZENworks 7 Handheld Management

This document (7007663) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks 7 Handheld Management - ZHM7

Situation

A security vulnerability exists in ZHM7 code: a stack buffer can be made to overflow, which allows remote attackers to execute arbitrary code. An attacker can abuse this to execute remote code in the context of the application.

Resolution

To obtain a hot patch with the fix for this problem, follow the instructions in TID 3829982 "Updates to Novell ZENworks 7 Handheld Management", which can be found at http://www.novell.com/support

Status

Security Alert

Additional Information

- Credits: Junaid Bohio, Vulnerability Research Team, TELUS Security Labs (www.telussecuritylabs.com)

Also reported by: TippingPoint as ZDI-CAN-1071, discovered by:
* AbdulAziz Hariri

Document

Document ID: 7007663
Creation Date: 01-25-2011
Modified Date: 01-25-2011
Novell Product: ZENworks Handheld Management

Disclaimer

The origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================