Nom du paquet
cacti
Date
2010-06-16
Advisory ID
MDVSA-2010:117
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in cacti:

SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier
allows remote attackers to execute arbitrary SQL commands via the
rra_id parameter in a GET request in conjunction with a valid rra_id
value in a POST request or a cookie, which bypasses the validation
routine (CVE-2010-2092).

The updated packages have been patched to correct this issue.

Updated packages

MES5 i586

 140770c1974e522397b5c39744ec8422  mes5/i586/cacti-0.8.7e-11.2mdvmes5.1.noarch.rpm 
 e227dce4f0cb120ab103f895ac62a2ca  mes5/SRPMS/cacti-0.8.7e-11.2mdvmes5.1.src.rpm

MES5 x86_64

 2c7396c682f13d1bb2bb64ee1da5bf31  mes5/x86_64/cacti-0.8.7e-11.2mdvmes5.1.noarch.rpm 
 e227dce4f0cb120ab103f895ac62a2ca  mes5/SRPMS/cacti-0.8.7e-11.2mdvmes5.1.src.rpm

References