| Vulnerability Name: | CVE-2006-6299 (CCN-30665) | ||||||||
| Assigned: | 2006-12-01 | ||||||||
| Published: | 2006-12-01 | ||||||||
| Updated: | 2017-07-29 | ||||||||
| Summary: | Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow. | ||||||||
| CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2006-6299 Source: IDEFENSE Type: Patch, Vendor Advisory 20061201 Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability Source: IDEFENSE Type: Patch, Vendor Advisory 20061201 Novell ZENworks Asset Management Msg.dll Heap Overflow Vulnerability Source: CCN Type: SA23157 Novell ZENworks Asset Management Buffer Overflow Vulnerability Source: SECUNIA Type: Vendor Advisory 23157 Source: CCN Type: SECTRACK ID: 1017326 Novell ZENworks Asset Management Integer Overflows Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1017326 Source: CCN Type: TID2974824 ZENworks 7 Asset Management SP1 IR11 Source: CONFIRM Type: Patch http://support.novell.com/cgi-bin/search/searchtid.cgi?/2974824.htm Source: CCN Type: OSVDB ID: 31352 Novell ZENworks Asset Management Collection Client Msg.dll Remote Overflow Source: CCN Type: OSVDB ID: 31353 Novell ZENworks Asset Management Task/Collection Server Msg.dll Remote Overflow Source: BID Type: Patch, Vendor Advisory 21395 Source: CCN Type: BID-21395 Novell ZENworks Asset Management MSG.DLL Remote Integer Overflow Vulnerability Source: BID Type: Patch, Vendor Advisory 21400 Source: CCN Type: BID-21400 Novell ZENworks Asset Management Collection Client Remote Integer Overflow Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-4829 Source: XF Type: UNKNOWN zenworks-assetmanagement-collection-bo(30665) Source: XF Type: UNKNOWN zenworks-assetmanagement-collection-bo(30665) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 12.01.06 Novell ZENworks Asset Management Collection Client Heap Overflow Vulnerability | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||