GLSA-200411-37 : Open DC Hub: Remote code execution
Critical Nessus Plugin ID 15843
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200411-37 (Open DC Hub: Remote code execution)
Donato Ferrante discovered a buffer overflow vulnerability in the RedirectAll command of the Open DC Hub.
Upon exploitation, a remote user with administrative privileges can execute arbitrary code on the system running the Open DC Hub.
Only give administrative rights to trusted users.
SolutionAll Open DC Hub users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-p2p/opendchub-0.7.14-r2'