Bug 519497

Summary: ocsinventory: 'systemid' SQL injection vulnerabilities
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-27 15:02:50 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 519498    
Bug Blocks:    

Description Vincent Danen 2009-08-26 20:58:09 UTC 
Some vulnerabilities were reported [1],[2] in OCS Inventory NG which could be exploited to conduct SQL injection attacks.  Input passwd to the 'systemid' parameter in group_show.php and machine.php is not properly sanitized before being used in an SQL query, which can be used to inject arbitrary SQL code.  The vulnerabilities are confirmed in version 1.02.1 (current version in Fedora and EPEL).

A patch for machine.php is here:  http://ocsinventory.svn.sourceforge.net/viewvc/ocsinventory/branches/server/1.02/ocsreports/machine.php?r1=1762&r2=1829

[1] http://secunia.com/advisories/35311/
[2] http://seclists.org/fulldisclosure/2009/Aug/0143.html
Comment 2 Vincent Danen 2009-08-27 15:02:50 UTC 

*** This bug has been marked as a duplicate of bug 517837 ***