Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by the underlying system. It is possible to achieve this by modifying the values in the files.SUM file (which are used for integrity control) and injecting malicious code into the upgrade.sh file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xorux Lpar2RRD和Stor2RRD 操作系统命令注入漏洞
Vulnerability Description
Xorux LPAR2RRD和STOR2RRD都是捷克Xorux公司的产品。LPAR2RRD是一款服务器监控工具。STOR2RRD是一款存储性能和容量监控工具。 Xorux Lpar2RRD 6.11版本和Stor2RRD 2.61版本(用在Xorux 2.41版本版本)中存在安全漏洞,该漏洞源于程序在处理更新包之前,没有正确验证该更新包。攻击者可通过修改更新包利用该漏洞执行注入的任意Bash脚本。
CVSS Information
N/A
Vulnerability Type
N/A