CVE-2006-3425

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks; Patchlink Update Server
Vendor: CVE Published:; 7 July 2006

Summary

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/438710/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/20876

third-party-advisoryx_refsource_SECUNIA

EPSS Score

2% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jul 7, 2006
Vulnerability Reserved
Jul 6, 2006

Collectors

NVD DatabaseMitre Database