CM 5.2.1 vulnerability

  • alindquist
    Whiz
    .
    • May 2010
    • 35

    CM 5.2.1 vulnerability

    Hello Everyone.
    I have a number of CM 5.2.1 servers that are failing a security audit. They have the "Caldera OpenLinux rpm_query Vulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.
  • mathew
    Hot Shot
    .
    • Aug 2010
    • 16

    #2
    Please open a ticket with Avaya support for this.


    • sumit007
      Brainiac
      • Oct 2013
      • 63

      #3
      Originally posted by alindquist
      Hello Everyone.
      I have a number of CM 5.2.1 servers that are failing a security audit. They have the "Caldera OpenLinux rpm_query Vulnerability". When I Google that, it says to go to the /home/httpd/cgi-bin directory and remove the component, but there is no such directory. Does anyone know of a patch or procedure for removing this vulnerability? Thanks.
      Alin, yes, CM does have the cgi-bin directory. If you check the URL of the CM SMI interface, it looks like
      https://<IP ADDRESS of CM>/cgi-bin/

      So if there is any vulnerability, then Avaya will patch it.

      Try to get the CVE ID first and, on the basis of that, ask Avaya for support.
      S.S.


      • yadav29
        Brainiac
        • Jan 2013
        • 55

        #4
        Hi,

        Please check the link below.



        Description:

        The Linux kernel is prone to vulnerabilities regarding access to shared memory.

        These vulnerabilities occur when shared-memory permissions are not properly validated.

        The first issue allows attackers to replace portions of files contained in 'tmpfs' filesystems with zeros. Attackers utilize the 'madvise' system call to exploit this issue.

        The second issue allows attackers to modify read-only portions of shared memory. Attackers utilize the 'mprotect' system call to exploit this issue.

        An attacker can exploit these issues to possibly corrupt applications and their data when the applications use temporary files or shared memory.
        Rao
