Novell ZENworks Desktop Management Installation Service Remote Information Disclosure Vulnerability
ZDI-09-101: November 30th, 2009Affected Vendors
Affected Products
Vulnerability Details
This vulnerability allows remote attackers to impersonate valid users in vulnerable installations of Novell ZENworks Desktop Management. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to an information leak when querying the AWSI service which listens by default on TCP port 8039. The leak allows attackers to glean the security token of any remote machine. Once obtained this token can be added to the attackers registry and any objects the target has in the eDirectory tree can be accessed. The vulnerability lies in the combination of the ability to query the Desktop Management server for a remote clients workstation token and the lack of checking the token against the proper host.
Vendor Response
Novell has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2009-03-26 - Vulnerability reported to vendor
2009-11-30 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Anonymous
