Novell ZENworks CVE-2012-4933 Vulnerability fix

  • 7011299
  • 02-Nov-2012
  • 09-Nov-2012

Environment

Novell ZENworks Asset Management 7.5
Novell ZENworks Asset Management 10.3
Novell ZENworks Asset Management 11.1
Novell ZENworks Asset Management 11.2
Novell ZENworks Configuration Management 10.3
Novell ZENworks Configuration Management 11
Novell ZENworks Configuration Management 11.1
Novell ZENworks Configuration Management 11.2

Situation

ZENworks Asset Management provides a Web Console, where the user can access the data collected about network devices and edit some information. This web interface provides some maintenance calls, two of them accessible with hard-coded credentials, allowing a remote attacker:
  • To retrieve any file from the remote file system with SYSTEM privileges.
  • To get configuration parameters from the ZENworks Asset Management including the back-end credentials in clear text.

Resolution

For ZAM 7.5: this is available for download at https://download.novell.com/Download?buildid=yse-osBjxeo~

For ZCM 11.2.1 MU2: This is fixed in version 11.2.2 - see KB 7010757 "ZENworks Configuration Management 11.2.2 - update information and list of fixes" which can be found at https://support.microfocus.com/kb/doc.php?id=7010757

Workaround: if upgrading to ZCM 11.2.2 is not possible at this time, Novell has made a patch available for testing in the interim, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=2wjQMyzOfVQ~ as "ZCM 11.2.1 MU2 Novell ZENworks CVE-2012-4933 Vulnerability fix".

For ZCM 11.2.0 MU2: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=NTAb5Veu2s4~ as "ZCM 11.2.0 MU2 Novell ZENworks CVE-2012-4933 Vulnerability fix".

For ZCM 11.1: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=UK5c7wGpdhw~ as "ZCM 11.1 Novell ZENworks CVE-2012-4933 Vulnerability fix".

For ZCM 11.0: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=sg_slpV2wLU~ as "ZCM 11.0 Novell ZENworks CVE-2012-4933 Vulnerability fix".

For ZCM 10.3.4: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=67fO_THHwwM~ as "ZCM 10.3.4 Novell ZENworks CVE-2012-4933 Vulnerability fix".

For ZCM 10.3.3: A fix for this issue is intended to be included in a future update to the product. In the interim, Novell has made a patch available for testing, in the form of a Field Test File (FTF). It can be obtained at https://download.novell.com/Download?buildid=tKe4jZaLLI8~ as "ZCM 10.3.3 Novell ZENworks CVE-2012-4933 Vulnerability fix".

Cause

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) uses a hard-coded username of ****** and a hard-coded password of **** for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
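Until the FTF or the 11.2.2 update is applied, web-server access logs can be checked for requests that reach the maintenance calls named above. The following Python scanner is an added example written for this KB article, not Novell code: it parses Common Log Format lines, percent-decodes the request URL, and flags any hit on the rtrlet/rtr path together with HandleMaintenanceCalls, GetFile_Password or GetConfigInfo_Password. The sample log and its query-parameter names are constructed placeholders; the advisory does not document the real request format.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import unquote

# Strings named in the advisory: the rtrlet entry point and the two
# maintenance operations that authenticate with hard-coded credentials.
RTRLET_PATH = "/rtrlet/rtr"
SUSPECT_MARKERS = ("HandleMaintenanceCalls", "GetFile_Password", "GetConfigInfo_Password")

# Common Log Format: client ident user [timestamp] "METHOD URL PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def classify_line(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for a request that reaches the rtrlet maintenance
    calls, or None for unrelated or unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Percent-decode so an encoded marker (e.g. %5F for '_') is not missed.
    url = unquote(m.group("url"))
    if RTRLET_PATH not in url:
        return None
    hits = [marker for marker in SUSPECT_MARKERS if marker in url]
    if not hits:
        return None
    return {
        "client": m.group("client"),
        "time": m.group("ts"),
        "status": m.group("status"),  # a 200 here means the server answered the call
        "markers": ",".join(hits),
    }


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run classify_line over an access log and keep only the findings."""
    return [f for f in (classify_line(ln) for ln in lines) if f is not None]


# Constructed sample log; parameter names are placeholders, not the product's format.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Nov/2012:10:00:01 +0000] "GET /rtrlet/rtr?op=Login HTTP/1.1" 200 512',
    '198.51.100.7 - - [02/Nov/2012:10:00:09 +0000] "POST /rtrlet/rtr?call=HandleMaintenanceCalls&op=GetFile_Password HTTP/1.1" 200 8192',
    '198.51.100.7 - - [02/Nov/2012:10:00:11 +0000] "GET /rtrlet/rtr?call=HandleMaintenanceCalls&op=GetConfigInfo%5FPassword HTTP/1.1" 200 2048',
    '10.0.0.9 - - [02/Nov/2012:10:01:00 +0000] "GET /zenworks-ping HTTP/1.1" 200 16',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit from an address outside the administrator network, or any hit at all before the fix is installed, warrants pulling the full request from the server and checking which file or configuration data was returned.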

Additional Information

For more information, see the full CVE entry at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4933