Thursday, 10 January 2008

Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability

iDefense has published an advisory for a vulnerability in the Novell ZENworks Endpoint Security Management (ESM) Security Client which was discovered by Stephen Fewer of Harmony Security. It is a local privilege escalation vulnerability whereby an unprivileged user can trivially run executables with SYSTEM privileges.

You can read the full iDefense advisory here:

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635