Vulnerability Description
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lumension | Patchlink Update Server | 6.1 |
| Novell | Zenworks | <= 6.2 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://secunia.com/advisories/20876PatchVendor Advisory
- http://secunia.com/advisories/20878PatchVendor Advisory
- http://securityreason.com/securityalert/1200
- http://securitytracker.com/id?1016405Patch
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
- http://www.securityfocus.com/bid/18723
- http://www.vupen.com/english/advisories/2006/2595
- http://www.vupen.com/english/advisories/2006/2596
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://secunia.com/advisories/20876PatchVendor Advisory
- http://secunia.com/advisories/20878PatchVendor Advisory
- http://securityreason.com/securityalert/1200
- http://securitytracker.com/id?1016405Patch
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
FAQ
What is CVE-2006-3425?
CVE-2006-3425 is a vulnerability with a CVSS score of 7.5 (HIGH). FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which ...
How severe is CVE-2006-3425?
CVE-2006-3425 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3425?
Check the references section above for vendor advisories and patch information. Affected products include: Lumension Patchlink Update Server, Novell Zenworks.