Scientific Linux Security Update : luci on SL6.x i386/x86_64
Medium Nessus Plugin ID 71195
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482)
A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481)
After installing this update, the luci service will be restarted automatically.
Solution
Update the affected luci and / or luci-debuginfo packages.
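CVE-2013-4481 above describes a secrets file that is world readable for a short time after creation. The following added example (not luci's code and not part of the advisory) contrasts a create-then-restrict write, assumed here as one way such a window arises, with creating the file at mode 0600 from the first instant; the function names, file names and secret value are constructed.

```python
import os
import stat
import tempfile

SAMPLE = "secret = constructed-value\n"  # constructed sample content


def write_secret_racy(path, secret):
    """Weak pattern: create with default permissions, tighten afterwards."""
    with open(path, "w") as fh:            # mode is 0666 & ~umask
        fh.write(secret)
    window_mode = stat.S_IMODE(os.stat(path).st_mode)  # what others could see
    os.chmod(path, 0o600)                  # too late: the window already existed
    return window_mode


def write_secret_atomic(path, secret):
    """Hardened pattern: the file never exists with wider permissions."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)       # O_EXCL refuses a pre-created file
    with os.fdopen(fd, "w") as fh:
        creation_mode = stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
        fh.write(secret)
    return creation_mode


def demo():
    """Return (mode during racy window, mode at atomic creation, pre-created file refused)."""
    old_umask = os.umask(0o022)            # assumption: a typical default umask
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_secret_racy(os.path.join(d, "racy.ini"), SAMPLE)
            safe_path = os.path.join(d, "safe.ini")
            safe = write_secret_atomic(safe_path, SAMPLE)
            try:
                write_secret_atomic(safe_path, SAMPLE)  # path now already exists
                refused = False
            except FileExistsError:
                refused = True
            return racy, safe, refused
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    racy, safe, refused = demo()
    print(f"racy window mode: {racy:04o}, atomic creation mode: {safe:04o}, "
          f"pre-created file refused: {refused}")
```
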