MDVSA-2010:117
- Nom du paquet
- cacti
- Date
- 2010-06-16
- Advisory ID
- MDVSA-2010:117
- Affected versions
- MES5 i586 , MES5 x86_64
Problem description
A vulnerability has been discovered and corrected in cacti:
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier
allows remote attackers to execute arbitrary SQL commands via the
rra_id parameter in a GET request in conjunction with a valid rra_id
value in a POST request or a cookie, which bypasses the validation
routine (CVE-2010-2092).
The updated packages have been patched to correct this issue.
Updated packages
MES5 i586
140770c1974e522397b5c39744ec8422 mes5/i586/cacti-0.8.7e-11.2mdvmes5.1.noarch.rpm e227dce4f0cb120ab103f895ac62a2ca mes5/SRPMS/cacti-0.8.7e-11.2mdvmes5.1.src.rpm
MES5 x86_64
2c7396c682f13d1bb2bb64ee1da5bf31 mes5/x86_64/cacti-0.8.7e-11.2mdvmes5.1.noarch.rpm e227dce4f0cb120ab103f895ac62a2ca mes5/SRPMS/cacti-0.8.7e-11.2mdvmes5.1.src.rpm