Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20141014)

medium Nessus Plugin ID 78847

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

It was discovered that luci used eval() on inputs containing strings from the cluster configuration file when generating its web pages. An attacker with privileges to create or edit the cluster configuration could use this flaw to execute arbitrary code as the luci user on a host running luci. (CVE-2014-3593)

Solution

Update the affected luci and / or luci-debuginfo packages.

Plugin Details

Severity: Medium

ID: 78847

File Name: sl_20141014_luci_on_SL6_x.nasl

Version: 1.5

Type: local

Agent: unix

Family: Scientific Linux Local Security Checks

Published: 11/4/2014

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:luci, p-cpe:/a:fermilab:scientific_linux:luci-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 10/14/2014

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-3593

Detections

Analytics