Bugtraq mailing list archives

RE: Dell Openmanage CD Vulnerability


From: "Michael Scheidell" <scheidell () secnap net>
Date: Fri, 9 Jun 2006 19:37:20 -0400

-----Original Message-----
From: wiz561 () gmail com [mailto:wiz561 () gmail com] 
Sent: Thursday, June 08, 2006 5:29 PM
To: bugtraq () securityfocus com
Subject: Dell Openmanage CD Vulnerability


When you boot up using the Dell PowerEdge Installation and 
Server Management Disc (P/N: WG126 Rev. A00, October 2005), 
there are two major vulnerabilities on the machine.  If you 
use this disc to boot up and you are connected to a DHCP 
network, there is an SSH server running that does not require 
a username and password to login.  There is also an X11 
server running that accepts connections from anywhere.

We also attempted to inform Dell of an installation vulnerability with
Microsoft Windows XP Pro.  After asking us our machine serial number
(which I had!) they ignored us, never replying back to numerous emails:
http://www.secnap.com/alerts.php?pg=8

