PT-2006-4321 · Patchlink+1 · Patchlink Update Server+1

Chris Steipp

Publicado

2006-07-07

Atualizado

2018-10-18

CVE-2006-3430

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PatchLink Update Server (PLUS) versions 6.1 through 6.1 before P1 PatchLink Update Server (PLUS) versions 6.2.x through 6.2 before SR1 P1 Novell ZENworks versions 6.2 SR1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the agentid parameter in the "checkprofile.asp" file.

Recommendations For PatchLink Update Server (PLUS) versions 6.1 through 6.1 before P1, update to version 6.1 P1 or later. For PatchLink Update Server (PLUS) versions 6.2.x through 6.2 before SR1 P1, update to version 6.2 SR1 P1 or later. For Novell ZENworks versions 6.2 SR1 and earlier, update to a version later than 6.2 SR1.

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2006-3430

Produtos afetados

Novell Zenworks

Patchlink Update Server

PT-2006-4321 · Patchlink+1 · Patchlink Update Server+1

CVE-2006-3430

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11