Dell Openmanage CD Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Dell Openmanage CD Vulnerability
From: wiz561@xxxxxxxxx
Date: 8 Jun 2006 21:29:19 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

When you boot up using the Dell PowerEdge Installation and Server Management 
Disc (P/N: WG126 Rev. A00, October 2005), there are two major vulnerabilities 
on the machine.  If you use this disc to boot up and you are connected to a 
DHCP network, there is an SSH server running that does not require a username 
and password to login.  There is also an X11 server running that accepts 
connections from anywhere.

The reason why these are risks are because anybody can ssh into the machine and 
get a bash prompt.  The X11 risk is also rather large because you could place a 
key logger and screenshot viewer on the IP to see what the admin is doing while 
they install the software.

This could lead to possible server compromise if an administrator password is 
entered during this installation wizard.

Notified Dell of vulnerability and their response said to either install the OS 
using Microsoft or Redhat CD's OR use the Openmanage disc without being 
connected to a network.  This is not documented anywhere on their site.

Mike

Prev by Date: okscripts.com - XSS Vulns
Next by Date: iFoto v0.20-06/06/06
Previous by thread: okscripts.com - XSS Vulns
Next by thread: RE: Dell Openmanage CD Vulnerability
Index(es):
- Date
- Thread