Dell PowerEdge boot cd default SSH and X11 server
| dell-cd-boot-unauth-access (27137) |  Medium Risk |
Description:
The Dell PowerEdge Installation and Server Management Disc could allow a remote attacker gain unauthorized access to the system. If the system is booted using the PowerEdge Installation and Server Management Disc, an SSH server and an X11 server is started that does not require authentication credentials and accepts connections from any source. This could leave an affected system open to possible remote compromise.
Platforms Affected:
- Dell, PowerEdge Installation Disc WG126 A00
Remedy:
No remedy available as of January 3, 2009.
Consequences:
Gain Access
References:
- Bugtraq Mailing List, Thu Jun 08 2006 - 16:29:19 CDT , Dell Openmanage CD Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2006-06/0102.html.
- CVE-2006-3470: The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
- US-CERT VU#577729: Dell Openmanage CD launches unauthenticated services
Reported:
Jun 08, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2009 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net