module
Novell ZENworks Configuration Management Preboot Service 0x6c Buffer Overflow
| Disclosed | Created |
|---|---|
| 2012-02-22 | 2018-05-30 |
Disclosed
2012-02-22
Created
2018-05-30
Description
This module exploits a remote buffer overflow in the ZENworks Configuration
Management. The vulnerability exists in the Preboot service and can be triggered by
sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP)
to port 998/TCP. The module has been successfully tested on Novell ZENworks
Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
Management. The vulnerability exists in the Preboot service and can be triggered by
sending a specially crafted packet with the opcode 0x6c (PROXY_CMD_GET_NEXT_STEP)
to port 998/TCP. The module has been successfully tested on Novell ZENworks
Configuration Management 10 SP2 / SP3 and Windows Server 2003 SP2 (DEP bypass).
Authors
Luigi Auriemma
juan vazquez juan.vazquez@metasploit.com
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.