-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1013
   Novell ZENworks Asset Management 7.5 web console information disclosure
                                vulnerability
                               22 October 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Novell ZENworks
Publisher:         US-CERT
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Privileged Data -- Remote/Unauthenticated
Resolution:        Mitigation
CVE Names:         CVE-2012-4933

Original Bulletin: http://www.kb.cert.org/vuls/id/332412

- --------------------------BEGIN INCLUDED TEXT--------------------

Vulnerability Note VU#332412

Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability

Original Release date: 15 Oct 2012 | Last revised: 15 Oct 2012

Overview

The web console for Novell ZENworks Asset Management 7.5 contains an information disclosure vulnerability. A remote, unauthenticated attacker can read any file accessible with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management.

Description

The Novell ZENworks Asset Management web console is provided as a Java web application named rtrlet. Two of its HandleMaintenanceCalls operations, GetFile_Password and GetConfigInfo_Password, are protected only by hard-coded credentials (CWE-798). GetFile_Password allows reading any file on the filesystem, and GetConfigInfo_Password returns ZENworks Asset Management configuration parameters, including the credentials for the back-end system.

A full technical analysis of the vulnerability is available in Rapid7's blog post "New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability", and Metasploit exploit modules are publicly available:
https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks

Impact

A remote, unauthenticated attacker may read any file accessible with SYSTEM privileges and retrieve configuration parameters, including back-end credentials, from ZENworks Asset Management.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Put firewall rules in place so that only trusted users and hosts can reach the web interface. This limits who can reach the rtrlet application; it does not remove the hard-coded credentials.

Vendor Information

Vendor          Status    Date Notified  Date Updated
Novell, Inc.    Affected  13 Sep 2012    15 Oct 2012

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           8.5    AV:N/AC:L/Au:N/C:C/I:P/A:N
Temporal       8.1    E:H/RL:W/RC:C
Environmental  6.1    CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
http://cwe.mitre.org/data/definitions/798.html

Credit

Thanks to Juan Vazquez for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs:              CVE-2012-4933
                      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4933
Date Public:          15 Oct 2012
Date First Published: 15 Oct 2012
Date Last Updated:    15 Oct 2012
Document Revision:    17

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email at cert@cert.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUIXZqe4yVqjM2NGpAQIowQ//b8WrL/6gaYQ62RRWIGY8Odr70hiKu1nh
6pUMCAo8Pd1xOjlnNqoLDGkEd8j1EPOcZx+VD8n9obgFasdbtbelEwSl+c7OemEZ
TPbVM61bTN+KxQ3ynFbe3QwzGz7rj2zr2abKtlW6dyB2/KEhEggMwrALOGif/SU+
yrvGMiu2nz76b+LwTjdtvaipdPWziT73Y4fJkPyBqHL0nqfm6eNScrB1YW5dvJbS
LUzRKK7lA1mqrEou8pKs0tjluGDH+YSKUzlEvxq7jYWk7wsyijofCTpYvmkMnFBl
Fp1XwB1VlDdkYO5YmdMBd0jEm+wsOXe9ios2tJyVQaHY54JnFAMNwYE/5959a9fB
IcEdKHCuc4ueZMjheBYLiX3rzeVJnSg4iuDz0bcr9+7KbKrI8meLKSdsPugx4uEr
4rpzs8h7JkCPbAEvmoUDeCdCHV4kse1w7INpHoWQ9kn3v9VJUeVefA6Lf+SrV89w
6iTqWQ7rGz8KjlPWNlKcX0W4suOFlXxAc5msdetczzRI2mp8ow1mgwiczyVOb3SE
Uz5LURUR1Fk8SJ2TQtAX/rtmkmbqNH+yq6SimIMuhwAicu8IVwA/7BVHUevVy2Cs
DC4PRGXcoy+9O3SEGRM2Eap2q7zTOXsAggfkczrOVjvHk2EVznECbMl5ZVMDTpW3
2e42Fr1W5lM=
=tcM8
-----END PGP SIGNATURE-----
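The CVSS Metrics table in the CERT/CC note above lists three vectors and three scores (Base 8.5, Temporal 8.1, Environmental 6.1). The calculator below is an added worked example for this redistribution; it is not part of the AusCERT bulletin or of the CERT/CC note. It implements the CVSS v2 base, temporal and environmental equations with the metric weights from the CVSS v2 specification, and reproduces the three scores from the vectors as quoted. The function and constant names are this example's own; the second cross-check vector is the CVSS v2 guide's Apache example (CVE-2002-0392), not something from this bulletin.

```python
"""CVSS v2 score calculator (added example; not part of the bulletin).

Reproduces the Base, Temporal and Environmental scores listed in
VU#332412 from the vector strings it quotes. Metric weights are those
of the CVSS v2.0 specification.
"""
from decimal import Decimal, ROUND_HALF_UP

# Base metric weights (CVSS v2.0).
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}          # shared by C, I and A

# Temporal metric weights; "ND" (not defined) leaves the score unchanged.
EXPLOITABILITY = {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0}
REMEDIATION_LEVEL = {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0}
REPORT_CONFIDENCE = {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0}

# Environmental metric weights. CDP:ND is 0 (no collateral damage assumed)
# while TD:ND is 1.0 (all systems are targets), which is why an ND-heavy
# environmental vector can still pull the score below the temporal one.
COLLATERAL_DAMAGE = {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0}
TARGET_DISTRIBUTION = {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0}
REQUIREMENT = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}   # CR, IR, AR


def parse_vector(vector):
    """Turn 'AV:N/AC:L/...' into {'AV': 'N', 'AC': 'L', ...}; reject junk."""
    metrics = {}
    for part in vector.split("/"):
        key, _, value = part.partition(":")
        if not key or not value:
            raise ValueError("malformed metric %r in %r" % (part, vector))
        metrics[key] = value
    return metrics


def round_to_1_decimal(x):
    """CVSS v2 rounds half up to one decimal; Python's round() is half-even."""
    return float(Decimal(repr(round(x, 6))).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def impact_subscore(c, i, a, cr=1.0, ir=1.0, ar=1.0):
    """10.41 * (1 - (1-C)(1-I)(1-A)). With CR/IR/AR weights this is the
    'AdjustedImpact' of the environmental equation, capped at 10."""
    return min(10.0, 10.41 * (1 - (1 - c * cr) * (1 - i * ir) * (1 - a * ar)))


def base_score(av, ac, au, impact):
    """BaseScore = round(((0.6*Impact) + (0.4*Exploitability) - 1.5) * f(Impact))."""
    exploitability = 20 * av * ac * au
    f_impact = 0.0 if impact == 0 else 1.176
    return round_to_1_decimal(((0.6 * impact) + (0.4 * exploitability) - 1.5) * f_impact)


def cvss2_scores(base_vector, temporal_vector=None, environmental_vector=None):
    """Return {'base': ..., 'temporal': ..., 'environmental': ...} for the given vectors."""
    b = parse_vector(base_vector)
    av = ACCESS_VECTOR[b["AV"]]
    ac = ACCESS_COMPLEXITY[b["AC"]]
    au = AUTHENTICATION[b["Au"]]
    c, i, a = IMPACT[b["C"]], IMPACT[b["I"]], IMPACT[b["A"]]

    scores = {"base": base_score(av, ac, au, impact_subscore(c, i, a))}
    if temporal_vector is None:
        return scores

    t = parse_vector(temporal_vector)
    temporal_factor = (EXPLOITABILITY[t["E"]] * REMEDIATION_LEVEL[t["RL"]]
                       * REPORT_CONFIDENCE[t["RC"]])
    scores["temporal"] = round_to_1_decimal(scores["base"] * temporal_factor)
    if environmental_vector is None:
        return scores

    e = parse_vector(environmental_vector)
    # Recompute base and temporal with the adjusted impact, then add collateral
    # damage potential and scale by target distribution.
    adjusted_impact = impact_subscore(c, i, a, REQUIREMENT[e["CR"]],
                                      REQUIREMENT[e["IR"]], REQUIREMENT[e["AR"]])
    adjusted_temporal = round_to_1_decimal(base_score(av, ac, au, adjusted_impact) * temporal_factor)
    cdp = COLLATERAL_DAMAGE[e["CDP"]]
    td = TARGET_DISTRIBUTION[e["TD"]]
    scores["environmental"] = round_to_1_decimal((adjusted_temporal + (10 - adjusted_temporal) * cdp) * td)
    return scores


# The three vectors quoted in VU#332412 for CVE-2012-4933.
VU332412_VECTORS = (
    "AV:N/AC:L/Au:N/C:C/I:P/A:N",
    "E:H/RL:W/RC:C",
    "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND",
)

if __name__ == "__main__":
    print(cvss2_scores(*VU332412_VECTORS))  # {'base': 8.5, 'temporal': 8.1, 'environmental': 6.1}
```

Running the block prints the three scores from the note. The Temporal score drops from 8.5 to 8.1 only because RL:W (workaround) weighs 0.95; the Environmental score falls further to 6.1 because CDP:ND adds nothing and TD:M scales the adjusted temporal score by 0.75. If your site has no workaround deployed and every host is reachable, re-score with RL:U and TD:H and the environmental figure returns to the base value.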