Novell ZENworks appliance Vulnerability - CAN-1999-0618

  • 7013210
  • 05-Sep-2013
  • 05-Sep-2013

Environment


Novell ZENworks Configuration Management 11.2

Situation

A potential vulnerability has been found with the ZENworks Appliance server.

Resolution

Disable the rexecd service if not required for business functionality, or apply access control to block unauthorized connections from connecting to the service.  ZENworks Appliance does not need this service for its functionality. Disable the feature by issuing the command 'chkconfig rexec off'

Cause

The rexecd service is running. The rexecd service does  not provide strong authentications measures, and can be used by an attacker to scan third party hosts.

Additional Information

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0618

Feedback service temporarily unavailable. For content questions or problems, please contact Support.