UBUNTU-CVE-2011-4970
- Source
- https://ubuntu.com/security/CVE-2011-4970
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-4970.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2011-4970
- Upstream
- Published
- 2014-05-13T14:55:00Z
- Modified
- 2026-04-22T09:09:48.257518Z
- Severity
-
- Ubuntu - medium
- Summary
- [none]
- Details
-
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) rtoken variable in the dpmgetpendingreqbytoken, (2) dpmgetcprbyfullid, (3) dpmgetcprbysurl, (4) dpmgetcprbysurls, (5) dpmgetgfrbyfullid, (6) dpmgetgfrbysurl, (7) dpmgetpfrbyfullid, (8) dpmgetpfrbysurl, (9) dpmgetreqbytoken, (10) dpminsertcprentry, (11) dpminsertgfrentry, (12) dpminsertpendingentry, (13) dpminsertpfrentry, (14) dpminsertxferreqentry, (15) dpmlistcprentry, (16) dpmlistgfrentry, or (17) dpmlistpfrentry function; the (18) surl variable in the dpmgetcprbysurl function; the (19) tosurl variable in the dpmgetcprbysurls function; the (20) utoken variable in the dpmgetpendingreqsbyudesc, (21) dpmgetreqsbyudesc, (22) dpmgetspcmdbyudesc, (23) dpminsertpendingentry, (24) dpminsertspcmdentry, or (25) dpminsertxferreqentry function; the (26) stoken variable in the dpmgetspcmdbytoken, (27) dpminsertcprentry, (28) dpminsertgfrentry, (29) dpminsertpfrentry, (30) dpminsertspcmdentry, (31) dpmupdatecprentry, (32) dpmupdategfrentry, or (33) dpmupdatepfrentry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpmgetpoolentry, (35) dpminsertfsentry, (36) dpminsertpoolentry, (37) dpminsertspcmdentry, (38) dpmlistfsentry, or (39) dpmupdatespcmd_entry function.
- References
Affected packages
Ubuntu:16.04:LTS / lcgdm
Package
- Name
- lcgdm
- Purl
- pkg:deb/ubuntu/lcgdm@1.8.10-1build3?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "dpm",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-copy-server-mysql",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-copy-server-postgres",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-name-server-mysql",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-name-server-postgres",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-rfio-server",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-server-mysql",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-server-postgres",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-srm-server-mysql",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "dpm-srm-server-postgres",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "lfc",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "lfc-dli",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "lfc-server-mysql",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "lfc-server-postgres",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "libdpm-perl",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "libdpm1",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "liblcgdm1",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "liblfc-perl",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "liblfc1",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "python-dpm",
"binary_version": "1.8.10-1build3"
},
{
"binary_name": "python-lfc",
"binary_version": "1.8.10-1build3"
}
]
}
Ubuntu:18.04:LTS / lcgdm
Package
- Name
- lcgdm
- Purl
- pkg:deb/ubuntu/lcgdm@1.10.0-2?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "dpm",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-copy-server-mysql",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-copy-server-postgres",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-name-server-mysql",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-name-server-postgres",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-rfio-server",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-server-mysql",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-server-postgres",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-srm-server-mysql",
"binary_version": "1.10.0-2"
},
{
"binary_name": "dpm-srm-server-postgres",
"binary_version": "1.10.0-2"
},
{
"binary_name": "lfc",
"binary_version": "1.10.0-2"
},
{
"binary_name": "lfc-dli",
"binary_version": "1.10.0-2"
},
{
"binary_name": "lfc-server-mysql",
"binary_version": "1.10.0-2"
},
{
"binary_name": "lfc-server-postgres",
"binary_version": "1.10.0-2"
},
{
"binary_name": "libdpm-perl",
"binary_version": "1.10.0-2"
},
{
"binary_name": "libdpm1",
"binary_version": "1.10.0-2"
},
{
"binary_name": "liblcgdm1",
"binary_version": "1.10.0-2"
},
{
"binary_name": "liblfc-perl",
"binary_version": "1.10.0-2"
},
{
"binary_name": "liblfc1",
"binary_version": "1.10.0-2"
},
{
"binary_name": "python-dpm",
"binary_version": "1.10.0-2"
},
{
"binary_name": "python-lfc",
"binary_version": "1.10.0-2"
},
{
"binary_name": "python3-dpm",
"binary_version": "1.10.0-2"
},
{
"binary_name": "python3-lfc",
"binary_version": "1.10.0-2"
}
]
}