MDKSA-2007:015
- Package name
- cacti
- Date
- 2007-01-15
- Advisory ID
- MDKSA-2007:015
- Affected versions
- CS4.0 x86_64 , CS4.0 i586
Problem description
SQL injection vulnerability in Cacti 0.8.6i and earlier, when
register_argc_argv is enabled, allows remote attackers to execute
arbitrary SQL commands via the (1) second or (2) third arguments to
cmd.php. NOTE: this issue can be leveraged to execute arbitrary
commands since the SQL query results are later used in the
polling_items array and popen function.
Updated packages are patched to address this issue.
Updated packages
CS4.0 x86_64
8b9cf3a6ef01c3d6d72fe45796a6def5 corporate/4.0/x86_64/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm
CS4.0 i586
5d8b682ea63e6f0624c38cc8350206a9 corporate/4.0/i586/cacti-0.8.6f-3.1.20060mlcs4.noarch.rpm b61668c2bb193cbad1a097a674405017 corporate/4.0/SRPMS/cacti-0.8.6f-3.1.20060mlcs4.src.rpm