Novell ZENworks Console One Lets Remote Authenticated Users Access Diagnostic Functions
|
|
SecurityTracker Alert ID: 1015260
|
|
SecurityTracker URL: http://securitytracker.com/id?1015260
|
|
CVE Reference: CVE-2005-3786
(Links to External Site)
|
Date: Nov 24 2005
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): zenWorks for Servers 3.0.2
|
Description: A vulnerability was reported in Novell ZENworks. A remote authenticated but unprivileged user can access diagnostic features.
A remote authenticated "regular" user can invoke Console One to access Remote Diagnostics.
|
Impact: A remote authenticated "regular" user can access Remote Diagnostics.
|
Solution: The vendor has issued a fix (IR4 for ZENworks for Servers 3.0.2).
The vendor's advisory is available at:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10086960.htm
|
Vendor URL: support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm (Links to External Site)
|
Cause: Access control error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 24 Nov 2005 00:36:49 -0500
Subject: Novell ZENworks vulnerability
|
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10086960.htm
> Remote Diagnostics is accessible by regular users using Console One
|
|
