Tuesday, 22 June 2010

Novell Access Manager File Upload Remote Code Execution Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a remote, pre-authentication arbitrary file upload vulnerability in Novell Access Manager which leads to arbitrary code execution. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-112/

And you can read the Novell advisory which includes a short walk-through of the vulnerable source code here:
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006255

Wednesday, 2 June 2010

Novell ZENworks Preboot Service Stack Buffer Overflow Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a remote, pre-authentication stack-based buffer overflow vulnerability in Novell ZENworks Configuration Management Preboot Service which leads to arbitrary code execution with SYSTEM privileges. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-090/