{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<P>Novell ZENworks Endpoint Security Management 3.x.</P>","content":"## Description\n\nCette vuln\u00e9rabilit\u00e9 est due au moteur STEngine qui ex\u00e9cute une commande\nissue de certains r\u00e9pertoires ayant des permissions d'acc\u00e8s non\ns\u00e9curis\u00e9es lors de la g\u00e9n\u00e9ration de rapports de diagnostic. Cette\nvuln\u00e9rabilit\u00e9 peut, par exemple, \u00eatre exploit\u00e9e en pla\u00e7ant le fichier\ncmd.exe dans ces r\u00e9pertoires.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 iDefense et \u00e0 la page de\nt\u00e9l\u00e9chargement Novell pour l'obtention des correctifs (cf. section\nDocumentation).\n","cves":[{"name":"CVE-2007-5665","url":"https://www.cve.org/CVERecord?id=CVE-2007-5665"}],"links":[],"reference":"CERTA-2008-AVI-003","revisions":[{"description":"version initiale.","revision_date":"2008-01-07T00:00:00.000000"}],"risks":[{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Novell ZENworks Endpoint\nSecurity Management et permet, localement, \u00e0 un individu malveillant une\n\u00e9l\u00e9vation de privil\u00e8ges.\n","title":"Vuln\u00e9rabilit\u00e9 dans Novell ZENworks Endpoint Security Management","vendor_advisories":[{"published_at":null,"title":"Page de t\u00e9l\u00e9chargement de la mise \u00e0 jour Novell","url":"http://download.novell.com/Download?buildid=5Y6xbs-OKLE"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 iDefense du 24 d\u00e9cembre 2007","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=635"}]}