PT-2006-4316 · Novell+1 · Fastpatch For Novell Zenworks+3

Chris Steipp · Published 2006-07-07 · Updated 2018-10-18 · CVE-2006-3425

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

FastPatch for PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1
FastPatch for Novell ZENworks versions prior to 6.2 SR1

Description

The issue allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers without requiring authentication. This can be achieved by modifying certain parameters in the dagent/proxyreg.asp endpoint, specifically the List, Proxy, or Delete parameters.

Recommendations

For FastPatch for PatchLink Update Server (PLUS) versions prior to 6.1 P1 and 6.2.x prior to 6.2 SR1 P1, update to version 6.1 P1 or 6.2 SR1 P1 or later. For FastPatch for Novell ZENworks versions prior to 6.2 SR1, update to version 6.2 SR1 or later. As a temporary workaround, consider restricting access to the dagent/proxyreg.asp endpoint to minimize the risk of exploitation.
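
One way to verify that the access restriction on dagent/proxyreg.asp is holding is to review web server logs for requests to that endpoint from hosts outside the management network. The following is an added example, not code from the advisory or the vendor. It assumes W3C extended format logs with a `#Fields` header; the allowlisted network, the sample log lines and the parameter values in them are constructed placeholders.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/dagent/proxyreg.asp"           # endpoint named in the advisory
WATCHED_PARAMS = {"list", "proxy", "delete"}  # parameters named in the advisory
# Assumption: the only network that should ever reach the endpoint.
ALLOWED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample log (W3C extended format); values are placeholders.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-07-10 08:14:02 10.0.5.20 GET /dagent/proxyreg.asp List=PLACEHOLDER 200
2006-07-10 09:31:47 192.0.2.77 GET /dagent/proxyreg.asp List=PLACEHOLDER 200
2006-07-10 09:32:05 192.0.2.77 GET /DAgent/ProxyReg.asp Delete=PLACEHOLDER 200
2006-07-10 09:40:11 192.0.2.80 GET /default.asp - 200
2006-07-10 09:41:00 198.51.100.9 POST /dagent/proxyreg.asp - 200
"""

def is_allowed(client, allowed_nets):
    """True only if client parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # unparseable source: report it rather than trust it
    return any(addr in net for net in allowed_nets)

def find_suspect_requests(log_text, allowed_nets=ALLOWED_NETS):
    """Return endpoint requests that came from outside the allowlist."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for following records
            continue
        parts = line.split()
        if line.startswith("#") or not fields or len(parts) != len(fields):
            continue  # other directives, blank or malformed lines
        rec = dict(zip(fields, parts))
        # Compare the path case-insensitively so mixed-case requests match.
        if rec.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        if is_allowed(rec.get("c-ip", ""), allowed_nets):
            continue
        query = rec.get("cs-uri-query", "-")
        names = parse_qs("" if query == "-" else query, keep_blank_values=True)
        matched = sorted(n.lower() for n in names if n.lower() in WATCHED_PARAMS)
        # An empty "params" list still matters: the values may be in a POST body.
        hits.append({"when": f"{rec.get('date')} {rec.get('time')}",
                     "client": rec.get("c-ip"), "method": rec.get("cs-method"),
                     "params": matched})
    return hits
```

Any hit means the endpoint is still reachable from outside the allowlist; hits with a non-empty `params` list should be followed by a review of the configured PDP proxy servers.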

Fix


Related identifiers

CVE-2006-3425

Affected products

Fastpatch For Novell Zenworks
Fastpatch For Patchlink Update Server
Novell Zenworks
Patchlink Distribution Point