CentOS Update For Luci CESA-2011:0394 Centos5 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720) Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted (&quot service luci restart&quot ) for the update to take effect.

Affected

luci on CentOS 5

References

http://lists.centos.org/pipermail/centos-announce/2011-April/017419.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0720

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1205 (httpd)
CentOS Security Advisory CESA-2009:0003 (xen)
CentOS Security Advisory CESA-2009:1130 (kdegraphics)
CentOS Security Advisory CESA-2009:0001-01 (kernel)
CentOS Security Advisory CESA-2009:0344 (libsoup)

CentOS Update for luci CESA-2011:0394 centos5 i386

Take action and discover your vulnerabilities