This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
The conga packages provide a web-based administration tool for remote
cluster and storage management.
A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this
flaw to obtain administrative access, allowing them to read, create,
or modify the content of the luci application. (CVE-2011-0720)
Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, luci must be restarted ('service luci restart') for
the update to take effect.
See also :
Update the affected luci and / or ricci packages.
Risk factor :
High / CVSS Base Score : 7.5
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60996 ()
CVE ID: CVE-2011-0720