Vulnerability Description
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Disk Pool Manager Project | Disk Pool Manager | <= 1.8.1 |
Related Weaknesses (CWE)
References
- http://blog.pi3.com.pl/?p=402 (Exploit)
- http://secunia.com/advisories/52487 (Vendor Advisory)
- http://site.pi3.com.pl/adv/disk_pool_manager_1.txt
- http://www.openwall.com/lists/oss-security/2013/03/10/1 (Exploit)
- http://www.openwall.com/lists/oss-security/2013/03/12/1
- https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2012-2683 (Patch, Vendor Advisory)
FAQ
What is CVE-2011-4970?
CVE-2011-4970 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm...
How severe is CVE-2011-4970?
CVE-2011-4970 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-4970?
Check the references section above for vendor advisories and patch information. Affected products include: Disk Pool Manager Project Disk Pool Manager.