Executive Summary

Summary
Title: Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability
Information
Name: VU#332412 | First vendor publication: 2012-10-15
Vendor: VU-CERT | Last vendor modification: 2012-11-01
Severity (Vendor): N/A | Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA | Environmental score: NA
Impact subscore: NA | Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS base score: 7.8 | Attack range: Network
CVSS impact score: 6.9 | Attack complexity: Low
CVSS exploit score: 10 | Authentication: None required

Detail

Vulnerability Note VU#332412

Novell ZENworks Asset Management 7.5 web console information disclosure vulnerability

Original Release date: 15 Oct 2012 | Last revised: 01 Nov 2012

Overview

The web console for Novell ZENworks Asset Management 7.5 contains an information disclosure vulnerability. This vulnerability allows a remote attacker to read any file with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management.

Description

The Novell ZENworks Asset Management web console is provided as a Java web application named rtrlet. Two HandleMaintenanceCalls, GetFile_Password and GetConfigInfo_Password, have hard-coded credentials. GetFile_Password allows access to any file on the filesystem, and GetConfigInfo_Password allows access to ZENworks Asset Management configuration parameters along with the back-end system's credentials.

A full technical analysis of the vulnerability is available on Rapid7's blog post entitled "New 0day Exploit: Novell ZENworks CVE-2012-4933 Vulnerability" and Metasploit exploit modules are publicly available.

Impact

A remote unauthenticated attacker may read any file accessible with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management.

Solution

Apply an Update

Novell has released a patch to address this vulnerability. Follow the steps below to apply the patch on a ZAM 7.5 Server.

  1. Stop the ZAM services from the service manager.
  2. Take a backup of the existing rtrlet.war found in your ZAM 7.5's Tomcat directory.
  3. Delete the rtrlet directory under Tomcat5\webapps\.
  4. Replace the rtrlet.war in Tomcat5\webapps\ with the one distributed with this patch.
  5. Start the ZAM 7.5 services.

If you cannot patch, please consider the following workarounds.

Restrict Access

Appropriate firewall rules should be put in place so only trusted users can access the web interface.

Vendor Information

Vendor | Status | Date Notified | Date Updated
Novell, Inc. | Affected | 13 Sep 2012 | 15 Oct 2012

CVSS Metrics

Group | Score | Vector
Base | 8.5 | AV:N/AC:L/Au:N/C:C/I:P/A:N
Temporal | 8.1 | E:H/RL:W/RC:C
Environmental | 6.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND
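
The scores in this table, and the 7.8 base score listed for the AV:N/AC:L/Au:N/C:C/I:N/A:N vector earlier on the page, can be reproduced from their vectors. The following is an added example, not part of the original vulnerability note, that implements the CVSS v2 equations and shows that the two base scores differ only because of the I:P versus I:N integrity metric; the function names are this example's own.

```python
# CVSS v2 equations from the CVSS v2 specification; metric weights as published there.
_CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
_REQ = {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0}
W = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": _CIA, "I": _CIA, "A": _CIA,
    "E": {"U": 0.85, "POC": 0.90, "F": 0.95, "H": 1.0, "ND": 1.0},
    "RL": {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0},
    "RC": {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0},
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},
    "CR": _REQ, "IR": _REQ, "AR": _REQ,
}

def parse(vector):
    """Map 'AV:N/AC:L/...' to metric weights; unknown metrics or values raise KeyError."""
    pairs = (part.split(":") for part in vector.strip("() ").split("/"))
    return {name: W[name][value] for name, value in pairs}

def _base(m, cr=1.0, ir=1.0, ar=1.0):
    """Return (base, impact, exploitability); cr/ir/ar are the environmental requirements."""
    impact = min(10.0, 10.41 * (1 - (1 - m["C"] * cr) * (1 - m["I"] * ir) * (1 - m["A"] * ar)))
    expl = 20 * m["AV"] * m["AC"] * m["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * expl - 1.5) * f_impact, 1), round(impact, 1), round(expl, 1)

def score(base_vec, temporal_vec=None, env_vec=None):
    """Score a base vector, optionally with temporal and environmental vectors."""
    m = parse(base_vec)
    base, impact, expl = _base(m)
    out = {"base": base, "impact": impact, "exploitability": expl}
    t = parse(temporal_vec) if temporal_vec else {"E": 1.0, "RL": 1.0, "RC": 1.0}
    t_factor = t["E"] * t["RL"] * t["RC"]
    if temporal_vec:
        out["temporal"] = round(base * t_factor, 1)
    if env_vec:
        e = parse(env_vec)
        # Environmental score: recompute base with adjusted impact, reapply temporal factors.
        adj_temporal = round(_base(m, e["CR"], e["IR"], e["AR"])[0] * t_factor, 1)
        out["environmental"] = round((adj_temporal + (10 - adj_temporal) * e["CDP"]) * e["TD"], 1)
    return out

if __name__ == "__main__":
    print(score("AV:N/AC:L/Au:N/C:C/I:N/A:N"))    # vector from the CVSS v2 section
    print(score("AV:N/AC:L/Au:N/C:C/I:P/A:N", "E:H/RL:W/RC:C",
                "CDP:ND/TD:M/CR:ND/IR:ND/AR:ND"))  # vectors from the CVSS Metrics table
```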

References

  • http://download.novell.com/Download?buildid=yse-osBjxeo~
  • https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks
  • http://cwe.mitre.org/data/definitions/798.html

Credit

Thanks to Juan Vazquez for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2012-4933
  • Date Public: 15 Oct 2012
  • Date First Published: 15 Oct 2012
  • Date Last Updated: 01 Nov 2012
  • Document Revision: 20

Original Source

URL: http://www.kb.cert.org/vuls/id/332412

CWE : Common Weakness Enumeration

% | Id | Name
100 % | CWE-255 | Credentials Management

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1

OpenVAS Exploits

Date Description
2012-10-26 Name : Novell ZENWorks Asset Management Information Disclosure Vulnerabilities
File : nvt/secpod_novell_zenworks_asset_mangment_info_disc_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Novell ZENworks Asset Management default admin credentials function call attempt
RuleID : 24436 - Revision : 8 - Type : SERVER-WEBAPP
2014-01-10 Novell ZENworks Asset Management default admin credentials function call attempt
RuleID : 24435 - Revision : 8 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date Description
2012-10-25 Name : The remote host has an arbitrary information disclosure vulnerability.
File : novell_zenworks_asset_management_arbitrary_information_disclosure.nasl - Type : ACT_ATTACK

Alert History

Date | Information
2014-02-17 12:07:44
  • Multiple Updates
2014-01-19 21:31:03
  • Multiple Updates