Numerous Vulnerabilities Found in Zenoss Core Management Platform

  • 8 December 2014

By Eduard Kovacs on December 08, 2014
 
Researchers have uncovered a total of 20 security holes in Zenoss Core, the free, open-source version of the application, server, and network management platform Zenoss.
According to an advisory published on Friday by the CERT Coordination Center at Carnegie Mellon University (CERT/CC), the vulnerabilities were identified and reported by Ryan Koppenhaver and Andy Schmitz of Matasano Security.
One of the most serious flaws is CVE-2014-6261, which can be exploited by a remote attacker to execute arbitrary code.
 
"An attacker who is able to get a victim to visit an attacker-controlled website while logged in to the Zenoss interface can execute arbitrary code on the Zenoss installation. Additionally, an attacker who is able to perform a man-in-the-middle attack between the Zenoss installation and Zenoss' corporate 'callhome' server - or control the 'callhome' server - can execute arbitrary code on the Zenoss installation," reads Zenoss' description of the vulnerability.
 