op5 Appliance Multiple Remote Command Execution Vulnerabilities

Bugtraq ID:	51212
Class:	Input Validation Error
CVE:	CVE-2012-0261 CVE-2012-0262
Remote:	Yes
Local:	No
Published:	Dec 30 2011 12:00AM
Updated:	Jan 11 2012 01:30PM
Credit:	Peter Osterberg, Ekelow
Vulnerable:	op5 Appliance Server 0
Not Vulnerable:

op5 Appliance Multiple Remote Command Execution Vulnerabilities

op5 Appliance is prone to multiple remote command-execution vulnerabilities because it fails to properly validate user-supplied input.

An attacker can exploit these issues to execute arbitrary commands within the context of the vulnerable system.

op5 Appliance Multiple Remote Command Execution Vulnerabilities

Attackers can exploit these issues with a browser.

The following exploits are available:

• /data/vulnerabilities/exploits/51212.txt
• /data/vulnerabilities/exploits/51212.rb
• /data/vulnerabilities/exploits/51212-2.rb

op5 Appliance Multiple Remote Command Execution Vulnerabilities

Solution:
Updates are available. Please see the references for more details.

op5 Appliance Multiple Remote Command Execution Vulnerabilities

References:

• Fixed vulnerabilities for op5 Monitor and op5 Appliance (op5)
  
• op5 Appliance Server Homepage (op5)
  
• Security Advisory OP5 Monitor (Ekelow)