search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Dell Openmanage CD launches unauthenticated services

Vulnerability Note VU#577729

Original Release Date: 2006-07-07 | Last Revised: 2006-07-21

Overview

Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access.

Description

The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X11 and SSH daemons that grant unauthenticated users full access. An attacker would need network access to the server to exploit this vulnerability.

Impact

A remote attacker with network access to the server could take control of the affected system. Only IP connectivity to the server is required to exploit this vulnerability.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Restrict Access

Restrict network access to servers when using the Dell Openmanage CD, or do not connect the server to a network while using the CD. Some of the features of the Dell Openmanage product do not require network connectivity. See the vendor statement section of this document for more details.

Vendor Information

577729
 
Expand all

Dell Computer Corporation, Inc. Affected

Notified:  June 26, 2006 Updated: July 13, 2006

Status

Affected

Vendor Statement

We have been investigating possible security issues with OpenManage Dell Server Assistant(DSA) related to SSH and X11. Dell Server Assistant, or DSA, is a bootable CD that facilitates bare metal (pre-OS) preparation and OS-installation. DSA helps the customer configure RAID and update drivers to prepare a system for installation of a Dell-supported Operating System. After careful testing and consultation, we believe that there is minimal material affect on the security of the system. Nevertheless, customers' confidence in the durability, reliability and security of our products is paramount.  

We have found that the only risk of infiltration happens during the time when the DSA installation CD is booted, actively engaged in a system interview, and the system is connected to the network.  The most effective mitigation of risk is keeping the system off the network until DSA completes the system installation. This is the recommended solution in all cases for users of OpenManage 4.x and prior releases of the DSA CD. DSA installs require no network connectivity unless using the Advanced custom features for RedHat Linux installs with NFS or SMB shares. In all cases, once the OS is installed with proper security measures in place, the system is no longer at risk.  

We have developed programmatic solutions to mitigate the risk with the release of OpenManage 5.0 (SSH fix in current shipping version) and OpenManage 5.1 (SSH and X11 fixes in the coming months).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 10.26
Date Public: 2006-06-08
Date First Published: 2006-07-07
Date Last Updated: 2006-07-21 12:27 UTC
Document Revision: 19

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis