MDVSA-2010:092
- Package name
- cacti
- Date
- 2010-05-06
- Advisory ID
- MDVSA-2010:092
- Affected versions
- CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64
Problem description
A vulnerability has been found and corrected in cacti:
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e
and earlier allows remote attackers to execute arbitrary SQL commands
via the export_item_id parameter (CVE-2010-1431).
Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.
The updated packages have been patched to correct this issue.
Updated packages
CS4.0 x86_64
86170ffeee1bc83e01a3b77a6b40f329 corporate/4.0/x86_64/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm f0e0ff07e7ac616ebff35462b5ffa50f corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm
MES5 i586
2acb4fdcbf42d3fcd3741a5a3512dd4b mes5/i586/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm 3d72b27fdf373d02a966292cd543fe76 mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm
CS4.0 i586
2f3d03d69004d2b28558482d10e216ea corporate/4.0/i586/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm f0e0ff07e7ac616ebff35462b5ffa50f corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm
MES5 x86_64
ec13040e7536fb994b1b3126cdd21daa mes5/x86_64/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm 3d72b27fdf373d02a966292cd543fe76 mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm