Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5520

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-5520
Last Modified 24 Nov 2013 11:29:11
Published 26 Nov 2012 07:45:22
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5520

Summary

The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x before 3.0.4 allows remote attackers to execute arbitrary commands via the (1) IP address or (2) port number field in an OMP request.

Vulnerable Systems

Application

  • Openvas Manager 3.0

  • Openvas Manager 3.0.0

  • Openvas Manager 3.0.1

  • Openvas Manager 3.0.2

  • Openvas Manager 3.0.3


References

CONFIRM - http://www.openvas.org/OVSA20121112.html

CONFIRM - http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437

MLIST - [oss-security] 20121114 Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

MLIST - [oss-security] 20121114 Re: Re: Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

MLIST - [oss-security] 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

MLIST - [oss-security] 20121113 Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

BUGTRAQ - 20121113 [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

BID - 56497

SECUNIA - 49128

BUGTRAQ - 20121114 Re: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

BUGTRAQ - 20121114 Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection


Last Updated: 27 May 2016 11:01:24