The up.time agent for Linux versions 7.5 and 7.6 may allow an unauthenticated remote attacker to read arbitrary files from a system.
CWE-306: Missing Authentication for Critical Function - CVE-2015-8268
According to the researcher, "The linux based uptime.agent version 7.5 provides the ability to remotely read any file on the remote system that the uptime.agent has read access to, without authentication." Idera has identified that versions 7.5 and 7.6 are affected.
An unauthenticated remote user may be able to read arbitrary files from a system running the Up.time agent for Linux.
Apply an update
Thanks to Ryan Wincey for reporting this vulnerability.
This document was written by Garret Wassermann.
|Date First Published:||2016-05-19|
|Date Last Updated:||2016-06-14 15:04 UTC|