mailing list archives
[CIRT.DK] - Novell ZENworks Patch Management Server 220.127.116.11 - SQL injection
From: "CIRT.DK Advisory" <advisory () cirt dk>
Date: Thu, 27 Oct 2005 16:24:05 +0200
The Novell ZENworks Patch Management Server 18.104.22.168 is vulnerable to
SQL injection in the management console.
To being able to exploit this issue the administrator have to
manually created a none-privileged account as minimum, to allow
Upgrade to ZENworks Patch Management version 22.214.171.124
(or newer hot fix via your PLUS server) found at http://download.novell.com.
The 126.96.36.199 CD ISO image was on the Novell download site up until the 2nd
week of September, 2005.
The ZENworks Patch Management CD ISO image that is currently available at
the download site at the
time of this document being published
ISO Name: ZEN_PatchMgmt_Upd6.2.iso Size: 323.8 MB
(339607552) MD5: aeb244ecdf29c83cb8388fae1a6a1919
A technical description of the vulnerability can be read at:
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- [CIRT.DK] - Novell ZENworks Patch Management Server 188.8.131.52 - SQL injection CIRT.DK Advisory (Oct 27)