CVE-2006-3425

Sažetak

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
http://secunia.com/advisories/20876
http://secunia.com/advisories/20878
http://securityreason.com/securityalert/1200
http://securitytracker.com/id?1016405
http://www.securityfocus.com/archive/1/438710/100/0/threaded
http://www.securityfocus.com/bid/18723
http://www.vupen.com/english/advisories/2006/2595
http://www.vupen.com/english/advisories/2006/2596

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:47

Objavljeno

07-07-2006 - 00:05