Feed aggregator

[oCERT-2014-005] LPAR2RRD input sanitization errors

BugTraq Latest Security Advisories - July 23, 2014 - 8:59am

Posted by Daniele Bianco on Jul 23

#2014-005 LPAR2RRD input sanitization errors


LPAR2RRD is a performance monitoring and capacity planning software for IBM
Power Systems. LPAR2RRD generates historical, future trends and nearly
"real-time" CPU utilization graphs of LPAR's and shared CPU usage.

Insufficient input sanitization on the parameters passed to the application
web gui leads to arbitrary command injection on the LPAR2RRD application