Package name
cacti
Date
2007-01-15
Advisory ID
MDKSA-2007:015
Affected versions
CS4.0 x86_64, CS4.0 i586

Problem description

SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute
arbitrary SQL commands via the (1) second or (2) third arguments to
cmd.php. NOTE: this issue can be leveraged to execute arbitrary
commands since the SQL query results are later used in the
polling_items array and popen function.

Updated packages are patched to address this issue.

Updated packages

CS4.0 x86_64

 8b9cf3a6ef01c3d6d72fe45796a6def5  corporate/4.0/x86_64/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm 
 b61668c2bb193cbad1a097a674405017  corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm

CS4.0 i586

 5d8b682ea63e6f0624c38cc8350206a9  corporate/4.0/i586/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm 
 b61668c2bb193cbad1a097a674405017  corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm

References