CM 5.2.1 vulnerability

[alindquist]

Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a secutrity audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.

[mathew]

Please open a ticket with Avaya support for this.

[sumit007]

Quote:

Originally Posted by alindquist

Hello Everyone.
I have a number of CM 5.2.1 servers that are failing a secutrity audit. They have the "Caldera OpenLinux rpm_querryVulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.

Alin yes CM do have the cgi-bin directory. If you check the URL of CM - SMI interface it looks like
https://<IP ADDRESS of CM>/cgi-bin/

So if there any vulnerability then Avaya will patch it.

try to get CVE ID first and on behalf of that ask Avaya for the Support.

[yadav29]

HI,

please check the below link.

https://www.juniper.net/security/aut...vuln17587.html

Description:

The Linux kernel is prone to vulnerabilities regarding access to shared memory.

These vulnerabilities occur when shared-memory permissions are not properly validated.

The first issue allows attackers to replace portions of files containined in 'tmpfs' filesystems with zeros. Attackers utilize the 'madvise' system call to exploit this issue.

The second issue allows attackers to modify readonly portions of shared memory. Attackers utilize the 'mprotect' system call to exploit this issue.

An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.