lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000101c5db02$16dbac80$0301a8c0@Furion>
Date: Thu, 27 Oct 2005 16:24:05 +0200
From: "CIRT.DK Advisory" <advisory@...t.dk>
To: "Bugtraq@...urityfocus. Com" <bugtraq@...urityfocus.com>,
	"Full-Disclosure@...ts. Netsys. Com" <full-disclosure@...ts.grok.org.uk>
Subject: [CIRT.DK] - Novell ZENworks Patch Management
	Server 6.0.0.52 - SQL injection


The Novell ZENworks Patch Management Server 6.0.0.52 is vulnerable to 
SQL injection in the management console.

To being able to exploit this issue the administrator have to 
manually created a none-privileged account as minimum, to allow
exploitation.

Fix:	
Upgrade to ZENworks Patch Management version 6.2.2.181
(or newer hot fix via your PLUS server) found at http://download.novell.com.

Note:	
The 6.0.0.52 CD ISO image was on the Novell download site up until the 2nd
week of September, 2005. 
The ZENworks Patch Management CD ISO image that is currently available at
the download site at the 
time of this document being published
http://download.novell.com/Download?buildid=5_kRStyf9wU~ 

ISO Name: 	ZEN_PatchMgmt_Upd6.2.iso Size: 323.8 MB
(339607552) MD5: aeb244ecdf29c83cb8388fae1a6a1919 


A technical description of the vulnerability can be read at: 
http://www.cirt.dk



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ