1. Introduction
Novell ZENworks Asset Management contains a vulnerability in its ‘rtrlet’ component, specifically within the GetFile_Password maintenance call. An attacker could use it to disclose arbitrary files on a remote host, read with SYSTEM privileges. Businesses using this product could experience confidential data loss and system compromise. Affected systems are typically Novell ZENworks Asset Management installations running the vulnerable version. Impact is high for confidentiality, moderate for integrity, and low for availability.
2. Technical Explanation
The vulnerability stems from hard-coded credentials protecting the ‘GetFile_Password’ maintenance call in ‘/rtrlet/rtr’. An attacker can exploit this by sending a specially crafted POST request to access files on the system with SYSTEM privileges. The associated ‘GetConfigInfo_Password’ call is also vulnerable, potentially exposing Novell ZENworks Configuration Management parameters.
- Root cause: hard-coded credentials used for authentication of maintenance calls.
- Exploit mechanism: An attacker sends a POST request to ‘/rtrlet/rtr’ with the correct credentials to retrieve arbitrary files. For example, an attacker could attempt to read sensitive configuration files from the system.
- Scope: Novell ZENworks Asset Management installations affected by CVE-2012-4933. Specific affected versions are not detailed.
3. Detection and Assessment
Confirming vulnerability requires checking the version of Novell ZENworks Asset Management installed. A thorough assessment involves attempting to access files via the vulnerable endpoint.
- Quick checks: Check the Novell ZENworks Asset Management web application’s ‘About’ page for the version number.
- Scanning: Nessus vulnerability ID 55933 can identify this issue, but is not a guaranteed detection method.
- Logs and evidence: Examine web server logs for requests to ‘/rtrlet/rtr’. Unusual activity may indicate attempted exploitation.
4. Solution / Remediation Steps
Currently, there is no known patch or fix for this vulnerability. The recommended workaround is to restrict access to the web application.
4.1 Preparation
- Dependencies: None known. Roll back involves restoring the backed-up configuration data.
- Change window needs: Access restrictions may impact users; approval from IT management is recommended.
4.2 Implementation
- Step 1: Configure firewall rules to allow access to the Novell ZENworks Asset Management web application only from trusted IP addresses or networks.
- Step 2: Review user accounts with access to the application and ensure they have the minimum necessary privileges.
4.3 Security Practices Relevant to This Vulnerability
Several security practices can help mitigate this vulnerability type.
- Practice 1: Least privilege – restrict user accounts and service accounts to the minimum necessary permissions.
- Practice 2: Network segmentation – isolate critical systems like Novell ZENworks Asset Management from untrusted networks.
5. Verification / Validation
Confirming the fix involves verifying restricted access to the web application and ensuring no unauthorized file access is possible.
- Post-fix check: Attempt to access the Novell ZENworks Asset Management web application from an untrusted IP address; access should be denied.
- Re-test: Re-run a scan with Nessus vulnerability ID 55933; it should no longer report the issue if access is restricted.
- Smoke test: Verify that authorized users can still perform essential tasks within Novell ZENworks Asset Management, such as asset inventory and reporting.
- Monitoring: Monitor web server logs for unauthorized access attempts to ‘/rtrlet/rtr’.
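The log review from section 3 and the monitoring item above can share one check. The following is an added example, not code from the vendor or the original page: it flags requests to ‘/rtrlet/rtr’ from outside an allowlist and counts how many the server actually answered. The log format, the allowlist network, and the sample lines are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the web server writes Common/Combined Log Format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
ENDPOINT = "/rtrlet/rtr"
# Placeholder allowlist: replace with the networks the firewall rule permits.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [12/Oct/2012:09:14:02 +0000] "POST /rtrlet/rtr HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Oct/2012:09:15:40 +0000] "POST /rtrlet/rtr HTTP/1.1" 200 20480',
    '203.0.113.7 - - [12/Oct/2012:09:15:44 +0000] "POST /rtrlet/rtr HTTP/1.1" 200 1033',
    '198.51.100.23 - - [12/Oct/2012:10:01:11 +0000] "GET /rtrlet/rtr?x=1 HTTP/1.1" 403 0',
]

def is_trusted(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:  # hostname or garbage in the client field
        return False
    return any(addr in net for net in TRUSTED_NETS)

def find_untrusted_hits(lines):
    """Return (ip, timestamp, method, status) for endpoint requests from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop query string and path parameters before comparing.
        path = m["path"].split("?", 1)[0].split(";", 1)[0].rstrip("/")
        if path.lower() != ENDPOINT or is_trusted(m["ip"]):
            continue
        hits.append((m["ip"], m["ts"], m["method"], int(m["status"])))
    return hits

def summarise(hits):
    """Per source: total requests and how many the server answered (status < 400)."""
    summary = {}
    for ip, _ts, _method, status in hits:
        entry = summary.setdefault(ip, {"requests": 0, "served": 0})
        entry["requests"] += 1
        entry["served"] += status < 400
    return summary
```

A non-zero `served` count for an untrusted source after the firewall change means the restriction is not taking effect for that path.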
6. Preventive Measures and Monitoring
Updating security baselines and implementing robust patch management processes can help prevent similar vulnerabilities.
- Baselines: Update a security baseline to include restrictions on access to sensitive web applications.
- Pipelines: Implement static application security testing (SAST) during development to identify hard-coded credentials or other insecure configurations.
- Asset and patch process: Establish a regular patch review cycle for Novell ZENworks Asset Management, prioritizing critical vulnerabilities.
7. Risks, Side Effects, and Roll Back
Restricting access may impact legitimate users; ensure proper planning and communication.
- Risk or side effect: Incorrect firewall rules could block all access to the application. Mitigation: Careful rule configuration and validation.
- Roll back: Remove the restrictive firewall rules, restoring access to the Novell ZENworks Asset Management web application.
8. References and Resources
Links to official advisories and trusted documentation.
- NVD or CVE entry: CVE-2012-4933