ZCM 11.1/11.1a fix for PreBoot Service Vulnerabilities - see TID 7009969, TID 7009970 and TID 7009971
This document (5127930) is provided subject to the disclaimer at the end of this document.
patches this patch supersedes
patches that supersede this patch
ZCM 11.1 PreBoot Service Opcode 0x21 Arbitrary File Download Vulnerability - see TID 7009969
ZCM 11.1 PreBoot Service Opcode 0x6c Stack Buffer Overflow Vulnerability - see TID 7009970
ZCM 11.1 PreBoot Service Opcode 0x4c Stack Buffer Overflow Vulnerability - see TID 7009971
This patch contains
to fix three security issue with Preboot services - see
ZCM 11.1a or ZCM 11.1
A server has been correctly updated if the following files have a "modified date" of December 5 2011
1) Download ZCM_11.1.0_20111205_714773.zip from this patch and extract to a temporary location
2) apply the fix to each Linux Primary Server that runs Preboot services:
2.1) Stop tftp service using the command /etc/init.d/novell-pbserv stop
2.2) for 32-bit servers, copy the rpm extracted in step 1, and install with the following command:
rpm -ivh novell-zenworks-zmgservices-11.1.0-17121.i586.rpm --force
for 64-bit servers, copy the rpm extracted in step 1, and install with the following command:
rpm -ivh novell-zenworks-zmgservices-11.1.0-17121.x86_64.rpm
2.3) Start the tftp service using the command /etc/init.d/novell-pbserv start
3. apply the fix to each Windows Primary Server that runs Preboot services:
3.1) Stop "Novell ZENworks Preboot Service" from services.msc, or by using the command net stop "Novell ZENworks Preboot Service"
3.2) Install the msi using the following command (note this should be entered on one line):
msiexec /i [path to]\novell-zenworks-zmgservices-126.96.36.19921.msi TARGETDIR="[2 levels above ZENWORKS_HOME]" REBOOT=ReallySuppress ALLUSERS=1 /lvx [desired log path]\novell-zenworks-zmgservices-188.8.131.5221.msi.log /qn
(note parameters such as TARGETDIR must be in upper-case)
(If ZENworks home is equal to C:\program files\novell\zenworks, then TARGETDIR = c:\program files)
msiexec /i novell-zenworks-zmgservices-184.108.40.20621.msi TARGETDIR="C:\Program Files" REBOOT=ReallySupress ALLUSERS=1 /lvx novell-zenworks-zmgservices-220.127.116.1121.msi.log /qn
If you wish to deploy this via a bundle, you must set the MSI property TARGETDIR (note TARGETDIR must be in upper-case). For example, if ZCM is installed within C:\Program Files\Novell\ZENworks, set the TARGETDIR as C:\Program Files. Note that this does require that all devices that are to receive this bundle must have the agent installed in the same drive and directory; if your environment requires a more flexible approach (for example if there are agents on Windows servers, not installed to drive C:) then a utility that Novell has published on Cool Solutions http://www.novell.com/communities/node/12159/zenworks-ftf-installation-package-bundle-deployment-facilitator may be used, although this utility is not officially supported. This utility will set an environment variable %ZENWORKS_TARGETDIR% which can be used by your bundle (note that for Windows 2008 R2, the variable is not usable until the next login, unless the bundle executes before the user logs in) - the variable is permanently added to the environment, so only needs to be run once per device.
3.3) Start the "Novell ZENworks Preboot Service" from services.msc, or by using the command net start "Novell ZENworks Preboot Service"
iDefense VCP Submission V-2g1be7h8eu V-c0jr0ixo66 V-bt7ceoz956
The title and readme of this patch have been updated to reflect the fact that it contained fixes for three vulnerabilities instead of one; the files have not been changed since the first release.
14 March 2012, changed title to add 11.1a to make it clear it applies equally to this version
|ZCM_11.1.0_20111205_714773.zip||587.3 KB (601406)||2012-02-22 04:35:26|
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.