-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1013
       Novell ZENworks Asset Management 7.5 web console information
                         disclosure vulnerability
                              22 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Novell ZENworks
Publisher:         US-CERT
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2012-4933

Original Bulletin: 
   http://www.kb.cert.org/vuls/id/332412

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#332412

Novell ZENworks Asset Management 7.5 web console information disclosure
vulnerability

Original Release date: 15 Oct 2012 | Last revised: 15 Oct 2012

Overview

The web console for Novell ZENworks Asset Management 7.5 contains an
information disclosure vulnerability. This vulnerability allows a remote
attacker to read any file with SYSTEM privileges and retrieve configuration
parameters from ZENworks Asset Management.

Description

The Novell ZENworks Asset Management web console is provided as a Java web
application named rtrlet. Two HandleMaintenanceCalls, GetFile_Password and
GetConfigInfo_Password, have hard-coded credentials. GetFile_Password allows
access to any file on the filesystem and GetConfigInfo_Password allows access
to ZENworks Asset Management configuration parameters along with the back-end
system's credentials.

A full technical analysis of the vulnerability is available on Rapid7's blog
post entitled "New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability"
and Metasploit exploit modules are publicly available.
https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
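
The following is an added illustration of the weakness class named above (CWE-798, hard-coded credentials) together with the controls whose absence turns it into a full file disclosure. It is not the rtrlet code shipped with ZENworks Asset Management and is not taken from the Rapid7 analysis: the handler names, parameter names, the password constant, the session model and the export directory are all constructed assumptions, chosen only to show the pattern and its hardened counterpart side by side.

```python
"""Hard-coded credential pattern (CWE-798), shown as a toy maintenance
handler beside a hardened version of the same function.

Added illustration for this bulletin; not the rtrlet code shipped with
ZENworks Asset Management. Handler names, parameter names, the constant,
the session model and the export directory are assumptions."""
import hmac
import tempfile
from pathlib import Path


# ---- Vulnerable pattern ---------------------------------------------------
# The only gate is a constant baked into the application. Every installation
# shares it, it can be recovered from the shipped code, and it is accepted
# without any session, so the check amounts to no authentication at all.
MAINTENANCE_PASSWORD = "not-a-real-secret"  # constructed placeholder constant


def vulnerable_get_file(params: dict) -> bytes:
    """Toy equivalent of a GetFile_Password-style maintenance call."""
    if not hmac.compare_digest(params.get("password", ""), MAINTENANCE_PASSWORD):
        raise PermissionError("bad maintenance password")
    # No confinement: an absolute path or "../" reaches any file the service
    # account can read, which is what makes the disclosure total.
    return Path(params["file"]).read_bytes()


# ---- Hardened pattern -----------------------------------------------------
class Session:
    """Server-side session established by the normal login flow (assumed)."""

    def __init__(self, user: str, roles: frozenset):
        self.user = user
        self.roles = roles


def hardened_get_file(session, params: dict, export_root: Path) -> bytes:
    """Same function with the three missing controls added."""
    # 1. A server-issued session carrying an administrative role is required;
    #    no shared constant substitutes for it.
    if session is None or "admin" not in session.roles:
        raise PermissionError("maintenance calls require an admin session")
    # 2. The name is resolved under an allow-listed directory and the result
    #    must still lie inside it (rejects "../" and absolute paths; symlinks
    #    are followed before the check so they cannot escape either).
    root = export_root.resolve()
    target = (root / params["file"]).resolve()
    if root != target and root not in target.parents:
        raise PermissionError("requested path is outside the export directory")
    # 3. Only regular files are served.
    if not target.is_file():
        raise FileNotFoundError(params["file"])
    return target.read_bytes()


def demo() -> dict:
    """Exercise both handlers on a throw-away directory tree (constructed
    sample files) and report what each returned or refused."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        exports = root / "exports"
        exports.mkdir()
        (exports / "report.csv").write_bytes(b"host,owner\n")
        secret = root / "db.conf"  # stands in for a file outside the root
        secret.write_bytes(b"dbpass=example\n")

        # Vulnerable: the constant alone unlocks any path on the box.
        results["vuln_reads_outside"] = vulnerable_get_file(
            {"password": MAINTENANCE_PASSWORD, "file": str(secret)}
        ) == b"dbpass=example\n"

        admin = Session("ops", frozenset({"admin"}))
        viewer = Session("guest", frozenset({"viewer"}))

        results["hardened_allows_admin_inside"] = hardened_get_file(
            admin, {"file": "report.csv"}, exports
        ) == b"host,owner\n"

        def refused(session, name):
            try:
                hardened_get_file(session, {"file": name}, exports)
            except PermissionError:
                return True
            return False

        results["hardened_refuses_no_session"] = refused(None, "report.csv")
        results["hardened_refuses_non_admin"] = refused(viewer, "report.csv")
        results["hardened_refuses_traversal"] = refused(admin, "../db.conf")
        results["hardened_refuses_absolute"] = refused(admin, str(secret))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The point of the pairing is that the constant is not the only defect: even a strong per-installation secret would still leave an unrestricted file read behind a single parameter. The hardened handler replaces the shared constant with the application's own session and role check, and separately confines the file read to one directory, so neither control depends on the other.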

Impact

A remote unauthenticated attacker may read any file accessible with SYSTEM
privileges and retrieve configuration parameters from ZENworks Asset
Management.

Solution

We are currently unaware of a practical solution to this problem. Please
consider the following workarounds.

Restrict Access

Appropriate firewall rules should be put in place so only trusted users can
access the web interface.

Vendor Information

Vendor          Status      Date Notified   Date Updated
Novell, Inc.    Affected    13 Sep 2012     15 Oct 2012

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group           Score   Vector
Base            8.5     AV:N/AC:L/Au:N/C:C/I:P/A:N
Temporal        8.1     E:H/RL:W/RC:C
Environmental   6.1     CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
http://cwe.mitre.org/data/definitions/798.html

Credit

Thanks to Juan Vazquez for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2012-4933
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4933
Date Public: 15 Oct 2012
Date First Published: 15 Oct 2012
Date Last Updated: 15 Oct 2012
Document Revision: 17

Feedback
If you have feedback, comments, or additional information about this
vulnerability, please send us email at cert@cert.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUIXZqe4yVqjM2NGpAQIowQ//b8WrL/6gaYQ62RRWIGY8Odr70hiKu1nh
6pUMCAo8Pd1xOjlnNqoLDGkEd8j1EPOcZx+VD8n9obgFasdbtbelEwSl+c7OemEZ
TPbVM61bTN+KxQ3ynFbe3QwzGz7rj2zr2abKtlW6dyB2/KEhEggMwrALOGif/SU+
yrvGMiu2nz76b+LwTjdtvaipdPWziT73Y4fJkPyBqHL0nqfm6eNScrB1YW5dvJbS
LUzRKK7lA1mqrEou8pKs0tjluGDH+YSKUzlEvxq7jYWk7wsyijofCTpYvmkMnFBl
Fp1XwB1VlDdkYO5YmdMBd0jEm+wsOXe9ios2tJyVQaHY54JnFAMNwYE/5959a9fB
IcEdKHCuc4ueZMjheBYLiX3rzeVJnSg4iuDz0bcr9+7KbKrI8meLKSdsPugx4uEr
4rpzs8h7JkCPbAEvmoUDeCdCHV4kse1w7INpHoWQ9kn3v9VJUeVefA6Lf+SrV89w
6iTqWQ7rGz8KjlPWNlKcX0W4suOFlXxAc5msdetczzRI2mp8ow1mgwiczyVOb3SE
Uz5LURUR1Fk8SJ2TQtAX/rtmkmbqNH+yq6SimIMuhwAicu8IVwA/7BVHUevVy2Cs
DC4PRGXcoy+9O3SEGRM2Eap2q7zTOXsAggfkczrOVjvHk2EVznECbMl5ZVMDTpW3
2e42Fr1W5lM=
=tcM8
-----END PGP SIGNATURE-----