[NEWS] Dell PowerEdge Server Management CD Full Remote Access
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 14 Jun 2006 12:18:56 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Dell PowerEdge Server Management CD Full Remote Access
------------------------------------------------------------------------
SUMMARY
PowerEdge is the name given to a server line produced by Dell, Inc..
The Dell PowerEdge Installation and Server Management Disc boots a system
with X11 open to the world and sshd spawned that allows anyone access
without credentials.
DETAILS
Vulnerable Systems:
* Dell PowerEdge Installation and Server Management Disc P/N: WG126 Rev.
A00, October 2005.
When you boot up using the Dell PowerEdge Installation and Server
Management Disc, there are two major vulnerabilities on the machine. If
you use this disc to boot up and you are connected to a DHCP network,
there is an SSH server running that does not require a username and
password to login. There is also an X11 server running that accepts
connections from anywhere.
The reason why these are risks are because anybody can ssh into the
machine and get a bash prompt. The X11 risk is also rather large because
you could place a key logger and screenshot viewer on the IP to see what
the admin is doing while they install the software.
This could lead to possible server compromise if an administrator password
is entered during this installation wizard.
Vendor response:
Notified Dell of vulnerability and their response said to either install
the OS using Microsoft or Redhat CD's OR use the Openmanage disc without
being connected to a network. This is not documented anywhere on their
site.
ADDITIONAL INFORMATION
The information has been provided by <mailto:wiz561@xxxxxxxxx> Mike.
The original article can be found at:
<http://packetstormsecurity.org/0606-advisories/dellOpen.txt>
http://packetstormsecurity.org/0606-advisories/dellOpen.txt
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] FreeType Integer Overflow Vulnerabilities
- Next by Date: [NT] Cumulative Security Update for Internet Explorer (MS06-021)
- Previous by thread: [UNIX] FreeType Integer Overflow Vulnerabilities
- Next by thread: [NT] Cumulative Security Update for Internet Explorer (MS06-021)
- Index(es):
Relevant Pages
|
