Gatien Goteni

**Name of the Vulnerable Software and Affected Versions** Xorux Lpar2RRD versions 6.11 Stor2RRD versions 2.61 Xorux version 2.41 **Description** An issue was discovered where the integrity of an upgrade package is not correctly verified before processing. This allows official upgrade packages to be modified, enabling the injection of an arbitrary Bash script that will be executed by the system. The modification can be achieved by altering values in the `files.SUM` file and injecting malicious code into the `upgrade.sh` file. **Recommendations** For Xorux Lpar2RRD version 6.11, consider disabling the upgrade functionality until a patch is available. For Stor2RRD version 2.61, restrict access to the `upgrade.sh` file to minimize the risk of exploitation. For Xorux version 2.41, avoid using the modified `files.SUM` file for integrity control until the issue is resolved.