CVE-2005-3786

Description

Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One.

Affected products

• Novell / zenworks6.5 – 6.5
• Novell / zenworks_desktops4.0.1 – 4.0.1
• Novell / zenworks_servers3.0.2 – 3.0.2

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2544
• MISChttp://securitytracker.com/id?1015260
• MISChttp://support.novell.com/cgi-bin/search/searchtid.cgi?/10098818.htm
• VENDOR_ADVISORYhttp://secunia.com/advisories/17700
• MISChttp://www.securityfocus.com/bid/15540