Overview
Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access.
Description
The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X11 and SSH daemons that grant unauthenticated users full access. An attacker would need network access to the server to exploit this vulnerability. |
Impact
A remote attacker with network access to the server could take control of the affected system. Only IP connectivity to the server is required to exploit this vulnerability. |
Solution
The CERT/CC is currently unaware of a practical solution to this problem. |
Restrict Access Restrict network access to servers when using the Dell Openmanage CD, or do not connect the server to a network while using the CD. Some of the features of the Dell Openmanage product do not require network connectivity. See the vendor statement section of this document for more details. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This document was written by Ryan Giobbi.
Other Information
| CVE IDs: | None |
| Severity Metric: | 10.26 |
| Date Public: | 2006-06-08 |
| Date First Published: | 2006-07-07 |
| Date Last Updated: | 2006-07-21 12:27 UTC |
| Document Revision: | 19 |