Date: Thu, 27 Oct 2005 16:24:05 +0200
From: "CIRT.DK Advisory" <advisory@...t.dk>
To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>,
	"Full-Disclosure@...ts. Netsys. Com" <full-disclosure@...ts.grok.org.uk>
Subject: [CIRT.DK] - Novell ZENworks Patch Management
	Server 6.0.0.52 - SQL injection


The Novell ZENworks Patch Management Server 6.0.0.52 is vulnerable to
SQL injection in the management console.

To exploit this issue, the administrator must have manually created
at least a non-privileged account.

Fix:	
Upgrade to ZENworks Patch Management version 6.2.2.181
(or newer hot fix via your PLUS server) found at http://download.novell.com.

Note:
The 6.0.0.52 CD ISO image was on the Novell download site up until the 2nd
week of September, 2005.
The ZENworks Patch Management CD ISO image currently available at the
download site at the time of this document being published:
http://download.novell.com/Download?buildid=5_kRStyf9wU~

ISO Name: ZEN_PatchMgmt_Upd6.2.iso
Size: 323.8 MB (339607552)
MD5: aeb244ecdf29c83cb8388fae1a6a1919


A technical description of the vulnerability can be read at: 
http://www.cirt.dk


