oss-sec mailing list archives
CVE Request -- OpenVAS Manager v2.0.3
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 19 Apr 2011 20:09:38 +0200
Hello Josh, Steve, vendors, based on: [1] http://lists.wald.intevation.org/pipermail/openvas-announce/2011-April/000120.html This release fixes a severe security issue discovered after the release of openvas-manager 2.0.2. By crafting a special report format plugin, and knowing about the operating system on which OpenVAS Manager is running, a rogue user was able to upload the plugin and execute arbitrary code with the privileges of the user running the OpenVAS Manager. Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- OpenVAS Manager v2.0.3 Jan Lieskovsky (Apr 19)
- Re: CVE Request -- OpenVAS Manager v2.0.3 Josh Bressers (Apr 20)