CESA-2011:0394 -- centos 5 x86_64 luci and ricciID: oval:org.secpod.oval:def:201647 | Date: (C)2012-01-31 (M)2021-07-09 |
Class: PATCH | Family: unix |
The conga packages provide a web-based administration tool for remote cluster and storage management. A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted for the update to take effect.