Centreon Remote Code Execution Network Vulnerability

Summary

Centreon is affected by two vulnerabilities: 1. Unauthenticated remote command execution This vulnerability allows an unauthenticated user to execute arbitrary commands on the remote system. 2. Information disclosure (local) A specific command-line utility allows local users to escalate privileges and retrieve sensitive files on the system, such as /etc/shadow. This vulnerability provides a root user access on files (read only)

Impact

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application.

Solution

Updates are available.

Affected

Centreon <= 2.5.3

Detection

Send a special crafted login request.

References

http://seclists.org/oss-sec/2014/q4/848

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

artmedic_links5 File Inclusion Vulnerability
AIOCP 'cp_html2xhtmlbasic.php' Remote File Inclusion Vulnerability
Admin Bot 'news.php' SQL Injection Vulnerability
AudiStat multiple vulnerabilities
Admin News Tools Multiple Vulnerabilities

Take action and discover your vulnerabilities