Authentication Bypass in PatchLink Update Server and Novell ZENworks
CVE-2006-3425

Currently unrated

Key Information:

Vendor: Novell
Status: Zenworks; Patchlink Update Server
Vendor: CVE Published:; 7 July 2006

Summary

The vulnerability in PatchLink Update Server and Novell ZENworks allows remote attackers to exploit an authentication bypass at dagent/proxyreg.asp. This flaws permits unauthorized access to manipulate PatchLink Distribution Point (PDP) proxy servers. Attackers can list, create, or delete proxy resources by altering the request parameters without needing any form of authentication, which can lead to a significant compromise in system integrity.

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-J...

mailing-listx_refsource_FULLDISC

http://www.securityfocus.com/archive/1/438710/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/20876

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 7, 2006
Vulnerability Reserved
Jul 6, 2006