{"vuid":"VU#577729","idnumber":"577729","name":"Dell Openmanage CD launches unauthenticated services","keywords":["Dell","Openmanage","X11","information disclosure"],"overview":"Dell Openmanage CD launches X11 and SSH daemons that permit unauthenticated users full access.","clean_desc":"The Dell Openmanage CD gives system administrators using Dell servers access to drivers, diagnostic tools, remote system control, and other utilities. When loaded, the CD launches X11 and SSH daemons that grant unauthenticated users full access. An attacker would need network access to the server to exploit this vulnerability.","impact":"A remote attacker with network access to the server could take control of the affected system. Only IP connectivity to the server is required to exploit this vulnerability.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"Restrict Access Restrict network access to servers when using the Dell Openmanage CD, or do not connect the server to a network while using the CD. Some of the features of the Dell Openmanage product do not require network connectivity. See the vendor statement section of this document for more details.","sysaffected":"","thanks":"","author":"This document was written by Ryan Giobbi.","public":["http://msgs.securepoint.com/cgi-bin/get/bugtraq0606/187.html","http://www.dell.com/downloads/global/solutions/OpenManage%20for%20Servers%20Brochure%205.5.04.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-06-22T13:40:41Z","publicdate":"2006-06-08T00:00:00Z","datefirstpublished":"2006-07-07T14:06:20Z","dateupdated":"2006-07-21T12:27:56Z","revision":19,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"20","cam_exploitation":"1","cam_internetinfrastructure":"3","cam_population":"3","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"19","cam_scorecurrent":"10.26","cam_scorecurrentwidelyknown":"10.26","cam_scorecurrentwidelyknownexploited":"18.3825","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.26,"vulnote":null}