Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3425

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3425
Last Modified 07 Mar 2011 09:38:37
Published 06 Jul 2006 08:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3425

Summary

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

Vulnerable Systems

Application

  • Lumension Patchlink Update Server 6.1

  • Lumension Patchlink Update Server 6.2.0.181

  • Lumension Patchlink Update Server 6.2.0.189

  • Novell Zenworks 6.2


References

SECTRACK - 1016405

SECUNIA - 20878

SECUNIA - 20876

VUPEN - ADV-2006-2596

VUPEN - ADV-2006-2595

BUGTRAQ - 20060629 Multiple Vulnerabilities in PatchLink Update Server 6

BID - 18723

SREASON - 1200


Last Updated: 27 May 2016 10:43:00