SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Zenoss Core Version Check Remote Code Execution

Category: MISC      

Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6261


Relevant Information