SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   iChain Vendors:   Novell
Novell iChain May Grant Remote Users Access Via Mandatory Telnet Service if No Password is Set
SecurityTracker Alert ID:  1008961
SecurityTracker URL:  http://securitytracker.com/id/1008961
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 6 2004
Impact:   User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.2, Field Patch 3a and prior versions
Description:   A vulnerability was reported in Novell iChain in the telnet listener. In a certain configuration, a remote user may be able to gain access to the system.

It is reported that the telnet port (TCP port 23) is enabled by default and cannot be disabled. If no password has been set, a remote user can connect to the port and provide any password to gain access.

Impact:   A remote user can gain access to the system via the telnet service if no password has been set.
Solution:   Novell issued a fix in iChain 2.2 Field Patch 3b version 2.2.116, available at:

http://support.novell.com/servlet/filedownload/sec/ftf/ic22fp3b.exe

For the Novell Technical Information Document (2968107), see:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm

Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm (Links to External Site)
Cause:   Configuration error

Message History:   None.


 Source Message Contents

Subject:  http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm


Novell issued iChain 2.2 Field Patch 3b version 2.2.116, available at:

http://support.novell.com/servlet/filedownload/sec/ftf/ic22fp3b.exe

In previous iChain versions, telnet (TCP port 23) is enabled by default.  If no password 
is set, a remote user can connect to the port and provide any password to gain access.

In this update, Novell provides an option to disable the telnet listener.

 >         To display settings use: get listener
 >         To change settings use: set listener telnet enable=YES|NO

For the full document, see:

http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm


 > Document Title: iChain 2.2 Field Patch 3b
 > Document ID: 2968107
 > Creation Date: 05FEB2004
 > Modified Date: 06FEB2004

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC