CVE-2013-3632

1. offizieller Beitrag

    Saw this on the National Vulnerability Database.
    https://web.nvd.nist.gov/view/…tail?vulnId=CVE-2013-3632


    Has it been addressed?

    OpenMediaVault 7.0.4-2 (Sandworm) :thumbup:
    HARDWARE: Raspberry Pi 4 Model B Rev 1.2 | SYSTEM: Debian GNU/Linux 12 (bookworm) aarch64

    KERNEL: Linux 6.1.21-v8+ | PROCESSOR: BCM2835 (4) @ 1.500GHz | MEMORY: 4GB | STORAGE: MicroSD 60GB + HDD 6TB
    PLUGINS: nut, omvextrasorg, backup, compose, cputemp, flashmemory, kernel, remotemount, sharerootfs

    DOCKER: nginx proxy manager, pi-hole, wireguard, transmission

    • Offizieller Beitrag

    That is a year old. Being able to execute commands as root by an authenticated user is a feature not vulnerability. A lot of cron jobs need to run as root for proper privileges.

    omv 7.0.5-1 sandworm | 64 bit | 6.8 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.13 | compose 7.1.4 | k8s 7.1.0-3 | cputemp 7.0.1 | mergerfs 7.0.4


    omv-extras.org plugins source code and issue tracker - github - changelogs


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

    http://bugtracker.openmediavault.org/view.php?id=907


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

    I am glad to hear that it's a non-issue. However, since this vulnerability info is on many sites and its wording vaguely suggests any authenticated user can run commands as root, I think it's necessary for OMV to set the record straight and put everyone's mind at ease.

    OpenMediaVault 7.0.4-2 (Sandworm) :thumbup:
    HARDWARE: Raspberry Pi 4 Model B Rev 1.2 | SYSTEM: Debian GNU/Linux 12 (bookworm) aarch64

    KERNEL: Linux 6.1.21-v8+ | PROCESSOR: BCM2835 (4) @ 1.500GHz | MEMORY: 4GB | STORAGE: MicroSD 60GB + HDD 6TB
    PLUGINS: nut, omvextrasorg, backup, compose, cputemp, flashmemory, kernel, remotemount, sharerootfs

    DOCKER: nginx proxy manager, pi-hole, wireguard, transmission

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!

Benutzerkonto erstellen Anmelden