Novell ZENworks Console One Remote-Diagnostics Access

2005-11-22T06:48:08
ID OSVDB:21052
Type osvdb
Reporter OSVDB
Modified 2005-11-22T06:48:08

Description

Vulnerability Description

Novell ZENworks for Servers contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote, authenticated but unprivileged user accesses Console One, which allows access to the Remote Diagnostic features and results in a loss of confidentiality.

Solution Description

Upgrade to Novell ZENworks for Servers version 3.0.2 IR4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972567.htm
Security Tracker: 1015260
Secunia Advisory ID: 17700
Other Advisory URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm
Keyword: Document ID: 10098818
Keyword: Solution ID: NOVL103381
Keyword: TID2972567
Keyword: TID10098818
FrSIRT Advisory: ADV-2005-2544
CVE-2005-3786
Bugtraq ID: 15540