|
Post by fajo on Dec 2, 2010 3:49:09 GMT 7
Some PHP scripts provided with the Module Raid_Replication_1.00.0 do not check for proper authorization (admin). Beside this unchecked arguments are used unescaped as command line arguments in shell escapes which allows arbitrary code to be passed to the shell. Further one script can be used to remotely shut down the NAS. Users of the Raid_Replication module should de-install the module until a fixed version is made available. It is not sufficient to just disable the module since the scripts can be called directly. References:- BWT-767177 @esupport.thecus.com
- FSH-982972 @esupport.thecus-eu.com
/Falk
|
|