Bugtraq mailing list archives
RE: Dell Openmanage CD Vulnerability
From: "Michael Scheidell" <scheidell () secnap net>
Date: Fri, 9 Jun 2006 19:37:20 -0400
-----Original Message----- From: wiz561 () gmail com [mailto:wiz561 () gmail com] Sent: Thursday, June 08, 2006 5:29 PM To: bugtraq () securityfocus com Subject: Dell Openmanage CD Vulnerability When you boot up using the Dell PowerEdge Installation and Server Management Disc (P/N: WG126 Rev. A00, October 2005), there are two major vulnerabilities on the machine. If you use this disc to boot up and you are connected to a DHCP network, there is an SSH server running that does not require a username and password to login. There is also an X11 server running that accepts connections from anywhere.
we also attempted to inform Dell of an installation vulnerability with Microsoft Windows XP pro. After asking us our machine serial number (which I had!) they ignored us. Never to reply back to numerious emails: http://www.secnap.com/alerts.php?pg=8.
Current thread:
- Dell Openmanage CD Vulnerability wiz561 (Jun 09)
- <Possible follow-ups>
- RE: Dell Openmanage CD Vulnerability Michael Scheidell (Jun 13)