SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#577729

Dell Openmanage CD launches unauthenticated services

Overview

Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access.

I. Description

The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X11 and SSH daemons that grant unauthenticated users full access. An attacker would need network access to the server to exploit this vulnerability.

II. Impact

A remote attacker with network access to the server could take control of the affected system. Only IP connectivity to the server is required to exploit this vulnerability.

III. Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Restrict Access

Restrict network access to servers when using the Dell Openmanage CD, or do not connect the server to a network while using the CD. Some of the features of the Dell Openmanage product do not require network connectivity. See the vendor statement section of this document for more details.

Systems Affected

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Vulnerable13-Jul-2006

References


http://msgs.securepoint.com/cgi-bin/get/bugtraq0606/187.html
http://www.dell.com/downloads/global/solutions/OpenManage%20for%20Servers%20Brochure%205.5.04.pdf

Credit

This document was written by Ryan Giobbi.

Other Information

Date Public:2006-06-08
Date First Published:2006-07-07
Date Last Updated:2006-07-21
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:10.26
Document Revision:18

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Produced 2006 by US-CERT, a government organization
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader