RE: Dell Openmanage CD Vulnerability

To: <wiz561@xxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Dell Openmanage CD Vulnerability
From: "Michael Scheidell" <scheidell@xxxxxxxxxx>
Date: Fri, 9 Jun 2006 19:37:20 -0400
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcaL7+0HJPVA9zanSKKNVAvpNNP2dwALa+6A
Thread-topic: Dell Openmanage CD Vulnerability

> -----Original Message-----
> From: wiz561@xxxxxxxxx [mailto:wiz561@xxxxxxxxx] 
> Sent: Thursday, June 08, 2006 5:29 PM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Dell Openmanage CD Vulnerability
> 
> 
> When you boot up using the Dell PowerEdge Installation and 
> Server Management Disc (P/N: WG126 Rev. A00, October 2005), 
> there are two major vulnerabilities on the machine.  If you 
> use this disc to boot up and you are connected to a DHCP 
> network, there is an SSH server running that does not require 
> a username and password to login.  There is also an X11 
> server running that accepts connections from anywhere.

we also attempted to inform Dell of an installation vulnerability with
Microsoft Windows XP pro.  After asking us our machine serial number
(which I had!) they ignored us. Never to reply back to numerious emails:
http://www.secnap.com/alerts.php?pg=8.

Prev by Date: REMOTE FILE INCLUSION ( ALL )
Next by Date: Chipmailer <= 1.09 Multiple Vulnerabilities
Previous by thread: Dell Openmanage CD Vulnerability
Next by thread: iFoto v0.20-06/06/06
Index(es):
- Date
- Thread