Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31264
HistoryOct 16, 2014 - 12:00 a.m.

[oCERT-2014-005] LPAR2RRD input sanitization errors

2014-10-1600:00:00
vulners.com
13
JSON

#2014-005 LPAR2RRD input sanitization errors

Description:

LPAR2RRD is a performance monitoring and capacity planning software for IBM
Power Systems. LPAR2RRD generates historical, future trends and nearly
"real-time" CPU utilization graphs of LPAR's and shared CPU usage.

Insufficient input sanitization on the parameters passed to the application
web gui leads to arbitrary command injection on the LPAR2RRD application
server.

Affected version:

LPAR2RRD <= 4.53, <= 3.5

Fixed version:

LPAR2RRD > 4.53

Credit: vulnerability report and PoC code received from Jurgen Bilberger
<juergen.bilberger AT daimler.com>.

CVE: CVE-2014-4981 (version <= 3.5), CVE-2014-4982 (version <= 4.53)

Timeline:

2014-07-08: vulnerability report received
2014-07-08: contacted LPAR2RRD maintainers
2014-07-20: patch provided by maintainers, assigned CVEs
2010-07-22: contacted affected vendors
2010-07-23: advisory release

References:
http://www.lpar2rrd.com

Permalink:
http://www.ocert.org/advisories/ocert-2014-005.html


Daniele Bianco Open Source Computer Security Incident Response Team
<[email protected]> http://www.ocert.org

GPG Key 0x9544A497
GPG Key fingerprint = 88A7 43F4 F28F 1B9D 6F2D 4AC5 AE75 822E 9544 A497

Related

securityvulns 1
prion 2
cve 2
securityvulns
securityvulns
LPAR2RRD code execution
2014-10-16 00:00:00
prion
prion
Input validation
2020-02-17 22:15:00
Command injection
2020-01-10 13:15:00
cve
cve
CVE-2014-4981
2020-02-17 22:15:00
CVE-2014-4982
2020-01-10 13:15:00
JSON
Related for SECURITYVULNS:DOC:31264
securityvulns1prion2cve2