Fedora update for ocsinventory


Secunia ID

SA38497

Release Date

09 Feb 2010

Criticality

Less Critical

Solution Status

Vendor Patch

Where

From remote

Impact
Exposure of sensitive information

Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.

Manipulation of data

This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but is not necessarily able to gain escalated privileges or system access.

The most frequent type of vulnerability with this impact is SQL injection, where a malicious user or person can manipulate SQL queries.

Description

Fedora has issued an update for ocsinventory. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks.

For more information see vulnerability #2 in:
SA38311

Solution

Apply updated packages via the yum utility ("yum update ocsinventory").

Original Advisory

FEDORA-2010-1535:
https://admin.fedoraproject.org/updates/F12/FEDORA-2010-1535

FEDORA-2010-1540:
https://admin.fedoraproject.org/updates/F11/FEDORA-2010-1540