A security flaw has been identified in the ocsinventory software package that allows a remote attacker to inject and execute arbitrary web script or HTML code.
Package:
ocsinventory 1.x
Operating systems:
Fedora 16
Severity:
3.6
Problem:
XSS
Exploitation:
remote
Impact:
HTML and script code injection
Solution:
vendor patch
CVE:
CVE-2011-4024
Original advisory ID:
FEDORA-2011-14923
Source:
Fedora
Problem:
The flaw is the result of an XSS vulnerability. Further details about the flaw itself have not been published so far.
Impact:
It allows an attacker to carry out an XSS (cross-site scripting) attack.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-14923
2011-10-25 21:41:11
--------------------------------------------------------------------------------
Name : ocsinventory
Product : Fedora 16
Version : 1.3.3
Release : 5.fc16
URL : http://www.ocsinventory-ng.org/
Summary : Open Computer and Software Inventory Next Generation
Description :
Open Computer and Software Inventory Next Generation is an application
designed to help a network or system administrator keep track of the
computers configuration and software that are installed on the network.
OCS Inventory is also able to detect all active devices on your network,
such as switch, router, network printer and unattended devices.
OCS Inventory NG includes package deployment feature on client computers.
ocsinventory is a metapackage that will install the communication server,
the administration console and the database server (MySQL).
--------------------------------------------------------------------------------
Update Information:
Fix a XSS vulnerability
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #748072 - CVE-2011-4024 ocsinventory: XSS flaw
https://bugzilla.redhat.com/show_bug.cgi?id=748072
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update ocsinventory' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce