lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <B3BCAF4246A8A84983A80DAB50FE72424C67B7@secnap2.secnap.com>
Date: Fri, 9 Jun 2006 19:37:20 -0400
From: "Michael Scheidell" <scheidell@...nap.net>
To: <wiz561@...il.com>, <bugtraq@...urityfocus.com>
Subject: RE: Dell Openmanage CD Vulnerability


> -----Original Message-----
> From: wiz561@...il.com [mailto:wiz561@...il.com] 
> Sent: Thursday, June 08, 2006 5:29 PM
> To: bugtraq@...urityfocus.com
> Subject: Dell Openmanage CD Vulnerability
> 
> 
> When you boot up using the Dell PowerEdge Installation and 
> Server Management Disc (P/N: WG126 Rev. A00, October 2005), 
> there are two major vulnerabilities on the machine.  If you 
> use this disc to boot up and you are connected to a DHCP 
> network, there is an SSH server running that does not require 
> a username and password to login.  There is also an X11 
> server running that accepts connections from anywhere.

we also attempted to inform Dell of an installation vulnerability with
Microsoft Windows XP pro.  After asking us our machine serial number
(which I had!) they ignored us. Never to reply back to numerious emails:
http://www.secnap.com/alerts.php?pg=8.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ