Mandriva: 2012:014: glpi
Posted by Benjamin D. Thomas   
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:014
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glpi
 Date    : February 6, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in GLPI:
 
 The autocompletion functionality in GLPI before 0.80.2 does not
 blacklist certain username and password fields, which allows remote
 attackers to obtain sensitive information via a crafted POST request
 (CVE-2011-2720).
 
 This advisory provides the latest version of GLPI (0.80.6), which is
 not vulnerable to this issue. Additionally, the latest versions of
 the corresponding plugins are also being provided.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2720
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:

 Mandriva Enterprise Server 5/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
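
The problem description above says the autocompletion feature did not blacklist username and password fields. The Python sketch below is an added example, not GLPI or Mandriva code: it shows a server-side check of that kind in front of a generic autocompletion lookup, and every table, column and function name in it is an assumption made for illustration.

```python
import re
import sqlite3

# Assumed names for illustration only; this is not GLPI's schema or code.
DENYLIST = {("users", "login"), ("users", "password")}
# Backstop for credential-like columns added later (e.g. by plugins).
SENSITIVE = re.compile(r"passw|login|secret|token", re.IGNORECASE)
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


class FieldNotAllowed(Exception):
    """Raised when a request names a field that must not be completed."""


def is_completable(table, field):
    # Reject anything that is not a plain identifier before it nears SQL.
    if not (IDENTIFIER.fullmatch(table) and IDENTIFIER.fullmatch(field)):
        return False
    if (table.lower(), field.lower()) in DENYLIST:
        return False
    return SENSITIVE.search(field) is None


def autocomplete(conn, table, field, prefix, limit=10):
    """Return up to `limit` distinct values of table.field starting with prefix."""
    if not is_completable(table, field):
        raise FieldNotAllowed(f"{table}.{field}")
    # Escape LIKE wildcards so the prefix is matched literally.
    pattern = prefix.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%"
    sql = ('SELECT DISTINCT "{f}" FROM "{t}" WHERE "{f}" LIKE ? '
           "ESCAPE '\\' ORDER BY 1 LIMIT ?").format(f=field, t=table)
    return [row[0] for row in conn.execute(sql, (pattern, limit))]


def sample_db():
    # Constructed sample data; the password values are placeholders.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (login TEXT, password TEXT, location TEXT);
        INSERT INTO users VALUES ('alice', 'placeholder-hash-1', 'Paris');
        INSERT INTO users VALUES ('bob', 'placeholder-hash-2', 'Prague');
    """)
    return conn
```

The check runs on the server for every request, so it holds regardless of which fields the client-side form chooses to expose.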