> -----Original Message-----
> From: wiz561 (at) gmail (dot) com [email concealed] [mailto:wiz561 (at) gmail (dot) com [email concealed]]
> Sent: Thursday, June 08, 2006 5:29 PM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Dell Openmanage CD Vulnerability
>
>
> When you boot up using the Dell PowerEdge Installation and
> Server Management Disc (P/N: WG126 Rev. A00, October 2005),
> there are two major vulnerabilities on the machine. If you
> use this disc to boot up and you are connected to a DHCP
> network, there is an SSH server running that does not require
> a username and password to login. There is also an X11
> server running that accepts connections from anywhere.
we also attempted to inform Dell of an installation vulnerability with
Microsoft Windows XP pro. After asking us our machine serial number
(which I had!) they ignored us. Never to reply back to numerious emails:
http://www.secnap.com/alerts.php?pg=8.
> From: wiz561 (at) gmail (dot) com [email concealed] [mailto:wiz561 (at) gmail (dot) com [email concealed]]
> Sent: Thursday, June 08, 2006 5:29 PM
> To: bugtraq (at) securityfocus (dot) com [email concealed]
> Subject: Dell Openmanage CD Vulnerability
>
>
> When you boot up using the Dell PowerEdge Installation and
> Server Management Disc (P/N: WG126 Rev. A00, October 2005),
> there are two major vulnerabilities on the machine. If you
> use this disc to boot up and you are connected to a DHCP
> network, there is an SSH server running that does not require
> a username and password to login. There is also an X11
> server running that accepts connections from anywhere.
we also attempted to inform Dell of an installation vulnerability with
Microsoft Windows XP pro. After asking us our machine serial number
(which I had!) they ignored us. Never to reply back to numerious emails:
http://www.secnap.com/alerts.php?pg=8.
[ reply ]