Enomaly ECP/Enomalism versions prior to 2.1.1 use temporary files in an insecure manner, allowing for symlink and command injection attacks.
c2f83d754ab9d6bdb0af2e41fc5bf6c46034f1807d705f25738a759685b5720dSecunia Security Advisory - Sam Johnston has reported some security issues in Enomaly ECP Community Edition, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
43f6e61881222e55b8ed4aa3c08712b066e6223b1bc071e64642f87b43f8bba1Enomaly ECP versions up to and including 3.0.4 are believed to contain an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root, and to inject or modify VM workloads for execution within user environment or to replay older, insecure workloads. Both the Enomaly ECP implementation and the VMcasting protocol itself are believed to be vulnerable.
e16285c2f1ba9ebc8fd42584526dc51cf5c5ff2063e048b6d25545b604a2ead0Secunia Security Advisory - Sam Johnston has reported a security issue in Enomaly ECP, which can be exploited by malicious people to compromise a vulnerable system.
b6fd3dfd727d32d52794062ca63fd0f7614875ec8425ea6a05ac72738c2cf99bAll versions of Enomaly ECP/Enomalism before 2.2.1 have multiple issues relating to the use of temporary files in an insecure manner.
461388d5af9b086c1ea7698c7c71be0f51f4b95fd1d2fce9bd1ff0fe15f9f6d3All versions of Enomaly ECP/Enomalism have an insecure silent update mechanism that could allow a remote attacker to execute arbitrary code as root.
9f314c7d809a33fd1f2f922ca6d89e8825901419404addfcf7d0d5e4c2e48bcaSecunia Security Advisory - A vulnerability has been reported in Enomaly ECP, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
c9ae97de3a30444e26c428487095bb7e1dab57e3224cf850a0ed945cf02bb28d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed