lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4F08801D.8000909@vel.nu>
Date: Sat, 07 Jan 2012 18:25:49 +0100
From: Peter Osterberg <j@....nu>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: OP5 Monitor - Multiple Vulnerabilities

Link to full advisory:
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf


Vendor's official statement:
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/


Remote root command execution (non-authenticated)
=================================================
CVSS: 10
CVE: CVE-2012-0261 -
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0261
OSVDB: http://osvdb.org/show/osvdb/78064
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Remote root command execution (non-authenticated)
=================================================   
CVSS: 10
CVE: CVE-2012-0262 -
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0262
OSVDB: http://osvdb.org/show/osvdb/78065
Secunia: http://secunia.com/advisories/47417/
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0, 5.5.1

Credentials leaked in detailed error message (authenticated)
============================================================
CVSS: 1.4
CVE: CVE-2012-0263 -
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0263
Versions: 5.3.5, 5.4.0, 5.4.2

Poor session management in the web application (non-authenticated)
==================================================================
CVSS: 4.7
CVE: CVE-2012-0264 -
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0264
Versions: 5.3.5, 5.4.0, 5.4.2, 5.5.0

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ