CVE-2006-3425 - Vulnerability Details - OpenCVE

FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lumension	Patchlink Update Server
Novell	Zenworks

Configuration 1 [-]

OR	cpe:2.3:a:lumension:patchlink_update_server:6.1:::::::*
	cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:::::::*
	cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:::::::*
	cpe:2.3:a:novell:zenworks::sr1::::::*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
http://secunia.com/advisories/20876
http://secunia.com/advisories/20878
http://securityreason.com/securityalert/1200
http://securitytracker.com/id?1016405
http://www.securityfocus.com/archive/1/438710/100/0/threaded
http://www.securityfocus.com/bid/18723
http://www.vupen.com/english/advisories/2006/2595
http://www.vupen.com/english/advisories/2006/2596

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-07T00:00:00

Updated: 2024-08-07T18:30:33.542Z

Reserved: 2006-07-06T00:00:00

Link: CVE-2006-3425

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-07-07T00:05:00.000

Modified: 2024-11-21T00:13:36.003

Link: CVE-2006-3425

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"}, {"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"}, {"name": "20876", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20876"}, {"name": "20878", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20878"}, {"name": "1200", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1200"}, {"name": "ADV-2006-2596", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2596"}, {"name": "ADV-2006-2595", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2595"}, {"name": "1016405", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016405"}, {"name": "18723", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18723"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3425", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"}, {"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"}, {"name": "20876", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20876"}, {"name": "20878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20878"}, {"name": "1200", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1200"}, {"name": "ADV-2006-2596", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2596"}, {"name": "ADV-2006-2595", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2595"}, {"name": "1016405", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016405"}, {"name": "18723", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18723"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:33.542Z"}, "title": "CVE Program Container", "references": [{"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"}, {"name": "20060629 Multiple Vulnerabilities in PatchLink Update Server 6", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"}, {"name": "20876", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20876"}, {"name": "20878", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20878"}, {"name": "1200", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1200"}, {"name": "ADV-2006-2596", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2596"}, {"name": "ADV-2006-2595", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2595"}, {"name": "1016405", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016405"}, {"name": "18723", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18723"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3425", "datePublished": "2006-07-07T00:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:30:33.542Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lumension:patchlink_update_server:6.1:*:*:*:*:*:*:*", "matchCriteriaId": "188E8F59-0F22-4C43-8B16-CC5637BF6AFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lumension:patchlink_update_server:6.2.0.181:*:*:*:*:*:*:*", "matchCriteriaId": "7704C648-6295-4145-BD2C-77E62DF55196", "vulnerable": true}, {"criteria": "cpe:2.3:a:lumension:patchlink_update_server:6.2.0.189:*:*:*:*:*:*:*", "matchCriteriaId": "E8171827-A661-4492-BD53-8DEB2F3759A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:novell:zenworks:*:sr1:*:*:*:*:*:*", "matchCriteriaId": "7B1706D5-7465-48C0-8C96-C6798A73B35F", "versionEndIncluding": "6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters."}, {"lang": "es", "value": "FastPatch para (a) PatchLink Update Server (PLUS) versiones anteriores a 6.1 P1 y 6.2.x versiones anteriores a 6.2 SR1 P1, y (b) Novell ZENworks 6.2 SR y versiones anteiores, no requiere autenticaci\u00f3n para dagent/proxyreg.asp, lo cual permite a atacantes remotos listar, a\u00f1adir, o borrar servidores proxy PatchLink Distribution Point (PDP) a trav\u00e9s de la modificaci\u00f3n de los par\u00e1metros (1) List, (2) Proxy, o (3) Delete."}], "id": "CVE-2006-3425", "lastModified": "2024-11-21T00:13:36.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-07T00:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20876"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20878"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1200"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1016405"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18723"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2595"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2596"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/20878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1200"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://securitytracker.com/id?1016405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438710/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2596"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}