Vulnerability Note VU#204232
Up.time agent for Linux does not authenticate a user before allowing read access to the file system
The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system.
CWE-306: Missing Authentication for Critical Function - CVE-2015-8268
According to the researcher, "The linux based uptime.agent version 7.5 provides the ability to remotely read any file on the remote system that the uptime.agent has read access to, without authentication." Idera has identified that versions 7.5 and 7.6 are affected.
An unauthenticated remote user may be able to read arbitrary files from a system running the Up.time agent for Linux.
Apply an update
Vendor Information

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Idera|Affected|11 Dec 2015|16 May 2016|
Thanks to Ryan Wincey for reporting this vulnerability.
This document was written by Garret Wassermann.
- CVE IDs: CVE-2015-8268
- Date Public: 11 May 2016
- Date First Published: 19 May 2016
- Date Last Updated: 14 Jun 2016
- Document Revision: 30