oss-sec mailing list archives

CVE Request -- Cacti v0.8.7 -- three security fixes


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 24 May 2010 12:18:51 +0200

Hi Steve,

  Cacti upstream has released:
   [1] http://www.cacti.net/release_notes_0_8_7f.php

  latest v0.8.7 version, addressing three security flaws:
    [A], MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
           [2] http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
           [3] http://www.vupen.com/english/advisories/2010/1204

         Credit: The vulnerability was discovered by Stefan Esser as part of the SQL Injection Marathon.
         Upstream changeset:
           [4] http://svn.cacti.net/viewvc?view=rev&revision=5920

    [B], Cross-site scripting issues reported by VUPEN Security (http://www.vupen.com)
           [5] http://www.vupen.com/english/advisories/2010/1203

         Credit: Vulnerabilities reported by Mohammed Boumediane (VUPEN Security).
         Upstream changeset:
           [6] http://svn.cacti.net/viewvc?view=rev&revision=5901

    [C], SQL injection and shell escaping issues reported by Bonsai Information Security (http://www.bonsai-sec.com)
           [7] http://www.bonsai-sec.com/blog/index.php/using-grep-to-find-0days/
           [8] http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php

         Credit: This vulnerability was discovered by Nahuel Grisolia ( nahuel -at- bonsai-sec.com )
         Upstream changeset:
           [9] http://svn.cacti.net/viewvc?view=rev&revision=5747

If a logged Cacti user was tricked into visiting a specially-crafted Web page, it could lead to:
i,   unauthorized arbitrary database data disclosure (vulnerability [A], from [2]),
ii,  unauthorized arbitrary scripting code execution (vulnerability [B], from [5]),
iii, execution of unintended commands or accessing unauthorized data (vulnerability [C], from [8]).

References:
  [10] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582691
  [11] https://bugzilla.redhat.com/show_bug.cgi?id=595289

Could you allocate relevant CVE ids?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

