CVE-2010-4323
Published 2011-02-19
Priority P3 (53), high, CVSS 2.0 score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 8.08% (94.1th percentile)
Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| novell | zenworks_configuration_manager | <= 11.0 | — |
| novell | zenworks_configuration_manager | — | — |
| novell | zenworks_configuration_manager | — | — |
Detection & IOCs (extracted from sources)
bytes: \x00\x01 followed by 500+ \x41 bytes, then \x42\x42\x42\x42\x43\x43\x43\x43\x00\x00
- Detect oversized TFTP RRQ (opcode 0x0001) packets on UDP/69: the exploit sends a TFTP read request (\x00\x01) followed by hundreds of 0x41 bytes, far exceeding any legitimate filename length, triggering the heap overflow in novell-tftp.exe.
- Monitor the novell-tftp.exe process for unexpected child process spawning or crashes, which may indicate successful or attempted heap-based buffer overflow exploitation.
- The PoC hardcodes a specific target IP (192.168.100.24) and uses UDP/69; real-world attacks will vary the destination IP but the protocol and port remain fixed. Detection rules should focus on payload content rather than destination address.
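The payload-based check described above, as an added example (not taken from the advisory or any indexed source): it parses a UDP/69 payload as a TFTP RRQ per RFC 1350 and flags an oversized or malformed filename field, ignoring the destination address. The 255-byte threshold, the function name and the sample payloads are assumptions constructed for illustration.

```python
import struct

OP_RRQ = 1            # TFTP read-request opcode (RFC 1350)
MAX_FILENAME = 255    # assumed threshold; tune to the longest path served locally
VALID_MODES = {b"netascii", b"octet", b"mail"}

def inspect_tftp_rrq(payload: bytes, dport: int = 69) -> list:
    """Return findings for one UDP payload; an empty list means nothing flagged."""
    findings = []
    if dport != 69 or len(payload) < 4:
        return findings
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode != OP_RRQ:
        return findings
    # RRQ layout: opcode | filename | 0x00 | mode | 0x00 [| options ...]
    filename, sep, rest = payload[2:].partition(b"\x00")
    if len(filename) > MAX_FILENAME:
        findings.append(f"oversized filename field ({len(filename)} bytes)")
    if not sep:
        findings.append("filename not NUL-terminated")
        return findings
    mode, sep2, _ = rest.partition(b"\x00")
    if not sep2 or mode.lower() not in VALID_MODES:
        findings.append("missing or unknown transfer mode")
    return findings

# Constructed sample payloads (not captured traffic).
BENIGN = b"\x00\x01" + b"boot/pxelinux.0\x00octet\x00"
OVERSIZED = b"\x00\x01" + b"A" * 600 + b"\x00\x00"
UNTERMINATED = b"\x00\x01" + b"A" * 300
WRITE_REQ = b"\x00\x02" + b"upload.bin\x00octet\x00"

if __name__ == "__main__":
    for name, pkt in [("benign", BENIGN), ("oversized", OVERSIZED),
                      ("unterminated", UNTERMINATED), ("wrq", WRITE_REQ)]:
        print(name, inspect_tftp_rrq(pkt))
```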
No detection rules found.
No writeups or analysis indexed.
- http://secunia.com/advisories/43379
- http://securityreason.com/securityalert/8092
- http://securityreason.com/securityalert/8094
- http://www.novell.com/support/viewContent.do?externalId=7007896
- http://www.securityfocus.com/archive/1/516524/100/0/threaded
- http://www.securityfocus.com/bid/46434
- http://www.securitytracker.com/id?1025092
- http://www.vupen.com/english/advisories/2011/0425
- http://www.zerodayinitiative.com/advisories/ZDI-11-089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65438