Summary: | net-analyzer/openvas: Command injection when processing OMP Requests (CVE-2011-0018) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Yury German <blueknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | | |
Severity: | trivial | CC: | hanno |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.openvas.org/OVSA20110118.html | | |
Whiteboard: | ~1 | | |
Package list: | | Runtime testing required: | --- |
Description
Yury German
CVE-2011-0018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0018): The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).

net-analyzer/openvas-manager-2.0.4 (pulled in by net-analyzer/openvas-4) is the only version ever in the tree and is not vulnerable. <net-analyzer/openvas-4 did not pull in net-analyzer/openvas-manager and so was also not vulnerable.