Summary
Centreon is affected by two vulnerabilities:
1. Unauthenticated remote command execution
This vulnerability allows an unauthenticated user to execute arbitrary commands on the remote system.
2. Information disclosure (local)
A specific command-line utility allows local users to escalate privileges and retrieve sensitive files on the system, such as /etc/shadow. This vulnerability provides root-level, read-only access to files.
Impact
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application.
Solution
Updates are available.
Affected
Centreon <= 2.5.3
Detection
Send a specially crafted login request.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P