Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0017)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2015.0017

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2015-0017)

Zusammenfassung: The remote host is missing an update for the 'glpi' package(s) announced via the MGASA-2015-0017 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'glpi' package(s) announced via the MGASA-2015-0017 advisory.

Vulnerability Insight:
Updated glpi package fixes security vulnerabilities:

Due to a bug in GLPI before 0.84.7, a user without access to cost information
can in fact see the information when selecting cost as a search criteria
(CVE-2014-5032).

An issue in GLPI before 0.84.8 may allow arbitrary local files to be included
by PHP through an autoload function (CVE-2014-8360).

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1
allows remote authenticated users to execute arbitrary SQL commands via the
condition parameter (CVE-2014-9258).

Affected Software/OS:
'glpi' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-5032
http://www.mandriva.com/security/advisories?name=MDVSA-2015:167
Common Vulnerability Exposure (CVE) ID: CVE-2014-8360
http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en
Common Vulnerability Exposure (CVE) ID: CVE-2014-9258
http://www.exploit-db.com/exploits/35528
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147296.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147313.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147271.html
http://security.szurek.pl/glpi-085-blind-sql-injection.html
http://osvdb.org/show/osvdb/115957
http://secunia.com/advisories/61367

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2015.0017
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2015-0017)
Zusammenfassung:	The remote host is missing an update for the 'glpi' package(s) announced via the MGASA-2015-0017 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'glpi' package(s) announced via the MGASA-2015-0017 advisory. Vulnerability Insight: Updated glpi package fixes security vulnerabilities: Due to a bug in GLPI before 0.84.7, a user without access to cost information can in fact see the information when selecting cost as a search criteria (CVE-2014-5032). An issue in GLPI before 0.84.8 may allow arbitrary local files to be included by PHP through an autoload function (CVE-2014-8360). SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter (CVE-2014-9258). Affected Software/OS: 'glpi' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-5032 http://www.mandriva.com/security/advisories?name=MDVSA-2015:167 Common Vulnerability Exposure (CVE) ID: CVE-2014-8360 http://tlk.tuxfamily.org/doku.php?id=writeup:cve-2014-8360-en Common Vulnerability Exposure (CVE) ID: CVE-2014-9258 http://www.exploit-db.com/exploits/35528 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147296.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147313.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147271.html http://security.szurek.pl/glpi-085-blind-sql-injection.html http://osvdb.org/show/osvdb/115957 http://secunia.com/advisories/61367
Copyright	Copyright (C) 2022 Greenbone AG