An information disclosure 0-day vulnerability has been discovered in Novell ZENworks Asset Management 7.5 that allows a remote attacker to read any file with SYSTEM privileges and retrieve configuration parameters from ZENworks Asset Management.
The web console is provided as a Java web application named rtrlet. Two HandleMaintenanceCalls, GetFile_Password and GetConfigInfo_Password, have hard-coded credentials. GetFile_Password allows access to any file on the filesystem, and GetConfigInfo_Password allows access to ZENworks Asset Management configuration parameters along with the back-end system's credentials.
ZENworks Asset Management provides a Web Console, where the user can access the data collected about network devices and edit some information.
The vulnerability was discovered by Rapid7 exploit developer Juan Vazquez, who wrote an exploit module for Metasploit. Metasploit notified both Novell and CERT, as per its disclosure policy.
US-CERT is not currently aware of any solutions to the problem, but they suggest some workarounds: "Restrict Access: Appropriate firewall rules should be put in place so only trusted users can access the web interface."
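One way to check that the access restriction is actually holding is to audit the web server's access log for requests that reached the rtrlet application from outside the trusted networks. The script below is an added example, not code from the original article, US-CERT or Novell. It assumes a common/combined access log format, that the console's request path contains the application name `rtrlet`, and placeholder trusted networks; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the console is served under a path containing the web
# application name "rtrlet"; adjust to the actual deployment.
APP_MARKER = "rtrlet"

# Assumption: placeholder management networks allowed to reach the console.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]

# Common/combined log format: client ident user [time] "METHOD path proto" status
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def is_trusted(src):
    """True when src parses as an IP address inside a trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def audit(lines):
    """Return (console hits per untrusted source, count of unparseable lines)."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1  # report these so a log format change is not silent
            continue
        if APP_MARKER in m["path"].lower() and not is_trusted(m["src"]):
            hits[m["src"]] += 1
    return hits, skipped

# Constructed sample log lines (not captured traffic).
SAMPLE = [
    '10.20.0.15 - - [01/Jan/2024:10:00:00 +0000] "GET /rtrlet/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /rtrlet/ HTTP/1.1" 200 90',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /RTRLET/ HTTP/1.1" 200 90',
    '198.51.100.23 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 10',
    'truncated line without a request',
    '2001:db8::5 - - [01/Jan/2024:10:02:00 +0000] "GET /rtrlet/ HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    found, bad = audit(SAMPLE)
    for src, count in found.most_common():
        print(f"untrusted source {src}: {count} request(s) to the console")
    print(f"{bad} line(s) could not be parsed")
```

Any source reported here means the firewall rule is missing, too broad, or bypassed by another route to the server.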