Novell ZENworks appliance Vulnerability - CVE-1999-0526

  • 7013209
  • 05-Sep-2013
  • 05-Sep-2013


Novell ZENworks Configuration Management 11.2


Potential vulnerability found when scanning a ZENworks Appliance server.


 Place filters to block unauthorized connections from accessing the X server. ZCM does not require X to be running, nor does it require remote X access. Running the command 'xhost -' will enable access control for remote x functionality. You can then validate that access control is enabled by issuing the 'xhost' command by itself.


The X server running on the appliance has no access controls present. This allows an attacker to make a client connect to the X server to record the keystrokes of the user, which may contain sensitive information, such as account passwords.

Additional Information