Scientific Linux Security Update : conga on SL4.x i386/x86_64
High
Nessus Plugin ID 60996
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
The conga packages provide a web-based administration tool for remote cluster and storage management.
A privilege escalation flaw was found in luci, the Conga web-based administration application. A remote attacker could possibly use this flaw to obtain administrative access, allowing them to read, create, or modify the content of the luci application. (CVE-2011-0720)
Users of Conga are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. After installing the updated packages, luci must be restarted ('service luci restart') for the update to take effect.
Solution
Update the affected luci and/or ricci packages.