Nom du paquet
cacti
Date
2010-05-06
Advisory ID
MDVSA-2010:092
Affected versions
CS4.0 x86_64 , MES5 i586 , CS4.0 i586 , MES5 x86_64

Problem description

A vulnerability has been found and corrected in cacti:

SQL injection vulnerability in templates_export.php in Cacti 0.8.7e
and earlier allows remote attackers to execute arbitrary SQL commands
via the export_item_id parameter (CVE-2010-1431).

Additionally cacti has been upgraded to 0.8.7e for Corporate Server 4.

The updated packages have been patched to correct this issue.

Updated packages

CS4.0 x86_64

 86170ffeee1bc83e01a3b77a6b40f329  corporate/4.0/x86_64/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm 
 f0e0ff07e7ac616ebff35462b5ffa50f  corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm

MES5 i586

 2acb4fdcbf42d3fcd3741a5a3512dd4b  mes5/i586/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm 
 3d72b27fdf373d02a966292cd543fe76  mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm

CS4.0 i586

 2f3d03d69004d2b28558482d10e216ea  corporate/4.0/i586/cacti-0.8.7e-0.1.20060mlcs4.noarch.rpm 
 f0e0ff07e7ac616ebff35462b5ffa50f  corporate/4.0/SRPMS/cacti-0.8.7e-0.1.20060mlcs4.src.rpm

MES5 x86_64

 ec13040e7536fb994b1b3126cdd21daa  mes5/x86_64/cacti-0.8.7e-11.1mdvmes5.1.noarch.rpm 
 3d72b27fdf373d02a966292cd543fe76  mes5/SRPMS/cacti-0.8.7e-11.1mdvmes5.1.src.rpm

References