lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060608212919.14321.qmail@securityfocus.com>
Date: 8 Jun 2006 21:29:19 -0000
From: wiz561@...il.com
To: bugtraq@...urityfocus.com
Subject: Dell Openmanage CD Vulnerability


When you boot up using the Dell PowerEdge Installation and Server Management Disc (P/N: WG126 Rev. A00, October 2005), there are two major vulnerabilities on the machine.  If you use this disc to boot up and you are connected to a DHCP network, there is an SSH server running that does not require a username and password to login.  There is also an X11 server running that accepts connections from anywhere.

The reason why these are risks are because anybody can ssh into the machine and get a bash prompt.  The X11 risk is also rather large because you could place a key logger and screenshot viewer on the IP to see what the admin is doing while they install the software.

This could lead to possible server compromise if an administrator password is entered during this installation wizard.

Notified Dell of vulnerability and their response said to either install the OS using Microsoft or Redhat CD's OR use the Openmanage disc without being connected to a network.  This is not documented anywhere on their site.

Mike


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ