[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060608212919.14321.qmail@securityfocus.com>
Date: 8 Jun 2006 21:29:19 -0000
From: wiz561@...il.com
To: bugtraq@...urityfocus.com
Subject: Dell Openmanage CD Vulnerability
When you boot up using the Dell PowerEdge Installation and Server Management Disc (P/N: WG126 Rev. A00, October 2005), there are two major vulnerabilities on the machine. If you use this disc to boot up and you are connected to a DHCP network, there is an SSH server running that does not require a username and password to login. There is also an X11 server running that accepts connections from anywhere.
The reason why these are risks are because anybody can ssh into the machine and get a bash prompt. The X11 risk is also rather large because you could place a key logger and screenshot viewer on the IP to see what the admin is doing while they install the software.
This could lead to possible server compromise if an administrator password is entered during this installation wizard.
Notified Dell of vulnerability and their response said to either install the OS using Microsoft or Redhat CD's OR use the Openmanage disc without being connected to a network. This is not documented anywhere on their site.
Mike
Powered by blists - more mailing lists