Novell iChain May Grant Remote Users Access Via Mandatory Telnet Service if No Password is Set - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Security) > iChain

Vendors: Novell

Novell iChain May Grant Remote Users Access Via Mandatory Telnet Service if No Password is Set

SecurityTracker Alert ID: 1008961

SecurityTracker URL: http://securitytracker.com/id/1008961

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Feb 6 2004

Impact: User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 2.2, Field Patch 3a and prior versions

Description: A vulnerability was reported in Novell iChain in the telnet listener. In a certain configuration, a remote user may be able to gain access to the system.

It is reported that the telnet port (TCP port 23) is enabled by default and cannot be disabled. If no password has been set, a remote user can connect to the port and provide any password to gain access.

Impact: A remote user can gain access to the system via the telnet service if no password has been set.

Solution: Novell issued a fix in iChain 2.2 Field Patch 3b version 2.2.116, available at:

http://support.novell.com/servlet/filedownload/sec/ftf/ic22fp3b.exe

For the Novell Technical Information Document (2968107), see:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm

Vendor URL: support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm (Links to External Site)

Cause: Configuration error

Message History: None.

Source Message Contents

Subject: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm


Novell issued iChain 2.2 Field Patch 3b version 2.2.116, available at:

http://support.novell.com/servlet/filedownload/sec/ftf/ic22fp3b.exe

In previous iChain versions, telnet (TCP port 23) is enabled by default.  If no password 
is set, a remote user can connect to the port and provide any password to gain access.

In this update, Novell provides an option to disable the telnet listener.

 >         To display settings use: get listener
 >         To change settings use: set listener telnet enable=YES|NO

For the full document, see:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm


 > Document Title: iChain 2.2 Field Patch 3b
 > Document ID: 2968107
 > Creation Date: 05FEB2004
 > Modified Date: 06FEB2004

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC