Vulnerability Description
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Zenworks | 6.5 |
| Novell | Zenworks Desktops | 3.2 |
| Novell | Zenworks Remote Management | All versions |
| Novell | Zenworks Server Management | 6.5 |
| Novell | Zenworks Servers | 3.2 |
References
- http://marc.info/?l=bugtraq&m=111645317713662&w=2
- http://secunia.com/advisories/15433
- http://securitytracker.com/id?1014005
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm
- http://www.rem0te.com/public/images/zen.pdfVendor Advisory
- http://www.securityfocus.com/bid/13678
- http://www.vupen.com/english/advisories/2005/0571
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20639
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20644
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20645
- http://marc.info/?l=bugtraq&m=111645317713662&w=2
- http://secunia.com/advisories/15433
- http://securitytracker.com/id?1014005
- http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097644.htm
- http://www.rem0te.com/public/images/zen.pdfVendor Advisory
FAQ
What is CVE-2005-1543?
CVE-2005-1543 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Se...
How severe is CVE-2005-1543?
CVE-2005-1543 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1543?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Zenworks, Novell Zenworks Desktops, Novell Zenworks Remote Management, Novell Zenworks Server Management, Novell Zenworks Servers.