OCS Inventory NG Agent 'Backend.pm' Perl Module Handling Code Execution Vulnerability Network Vulnerability

Summary

OCS Inventory NG Agent is prone to a vulnerability that lets local attackers execute arbitrary Perl code. Local attackers can leverage this issue to execute arbitrary code via the application's insecure Perl module search path. This may allow attackers to elevate their privileges and compromise the application or the underlying computer. Other attacks may also be possible.

Solution

Updates are available. Please see the references for details.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506416
http://www.ocsinventory-ng.org/
http://www.ocsinventory-ng.org/index.php?mact=News
https://www.securityfocus.com/bid/35593

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0667

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Tomcat /servlet Cross Site Scripting
aflog Cookie-Based Authentication Bypass Vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Atmail Multiple Unspecified Security Vulnerabilities.

Take action and discover your vulnerabilities