Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5665

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2007-5665
Last Modified 07 Mar 2011 10:01:06
Published 08 Jan 2008 07:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2007-5665

Summary

STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.

Vulnerable Systems

Application

  • Novell Zenworks Endpoint Security Management 3.5


References

SECUNIA - 28351

VUPEN - ADV-2008-0044

SECTRACK - 1019155

BID - 27146

IDEFENSE - 20071224 Novell ZENworks Endpoint Security Management Local Privilege Escalation Vulnerability


Last Updated: 27 May 2016 10:46:14