==================================================================== CERT-Renater Note d'Information No. 2012/VULN423 ____________________________________________________________________ DATE : 19/10/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running Novell ZENworks Asset Management version 7.5. ====================================================================== http://www.kb.cert.org/vuls/id/332412 ______________________________________________________________________ Vulnerability Note VU#332412 Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability Original Release date: 15 oct. 2012 | Last revised: 15 oct. 2012 Overview The web console for Novell ZENworks Asset Management 7.5 contains an information disclosure vulnerability. This vulnerability allows a remote attacker to read any file with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management. Description The Novell ZENworks Asset Management web console is provided as a Java web application named rtrlet. Two HandleMaintenanceCalls, GetFile_Password and GetConfigInfo_Password have hard-coded credentials. GetFile_Password allows access to any file on the filesystem and GetConfigInfo_Password allows access to ZENworks Asset Management configuration parameters along with the back-end system's credentials. A full technical analysis of the vulnerability is available on Rapid7's blog post entitled "New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability" and Metasploit exploit modules are publicly available. Impact A remote unauthenticated attacker may read any file accessible with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management. Solution We are currently unaware of a practical solution to this problem. Please consider the following workarounds. Restrict Access Appropriate firewall rules should be put in place so only trusted users can access the web interface. Vendor Information (Learn More) Vendor Status Date Notified Date Updated Novell, Inc. Affected 13 Sep 2012 15 Oct 2012 If you are a vendor and your product is affected, let us know. CVSS Metrics (Learn More) Group Score Vector Base 8,5 AV:N/AC:L/Au:N/C:C/I:P/A:N Temporal 8,1 E:H/RL:W/RC:C Environmental 6,1 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND References https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks http://cwe.mitre.org/data/definitions/798.html Credit Thanks to Juan Vazquez for reporting this vulnerability. This document was written by Jared Allar. Other Information CVE IDs: CVE-2012-4933 Date Public: 15 oct. 2012 Date First Published: 15 oct. 2012 Date Last Updated: 15 oct. 2012 Document Revision: 17 Feedback If you have feedback, comments, or additional information about this vulnerability, please send us email. ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================