oss-sec mailing list archives
Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 7 Aug 2013 21:16:02 +0200
Hi Kurt, hi Vincent, On Wed, Aug 07, 2013 at 11:18:53AM -0600, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/07/2013 10:06 AM, Vincent Danen wrote:Cacti 0.8.8b was released today [1] with a changelog that notes: Cacti 0.8.8b Change Log [...] * security: SQL injection and shell escaping issues It looks like the SQL injection issue is in api_poller.php and utility.php [2] I think there are two shell escaping issue: 1) snmp.php: Use escapeshellarg() instead of custom escape function for snmp library [3] 2) rrd.php: Properly escape all user input for consumption by rrdtool [4] [1] http://sourceforge.net/mailarchive/message.php?msg_id=31258868 [2] http://svn.cacti.net/viewvc?view=rev&revision=7394 [3] http://svn.cacti.net/viewvc?view=rev&revision=7392 [4] http://svn.cacti.net/viewvc?view=rev&revision=7393 Looks like 3 CVEs are needed.JUST FYI vdanen/myself were emailed off list about some CVE's that may have already been assigned to this. Just waiting on that info before proceeding.
The Debian Security Team had assigned the following CVEs: CVE-2013-1434: for the SQL injection issues, fixed by http://svn.cacti.net/viewvc?view=rev&revision=7394 CVE-2013-1435: for the shell escaping issues, fixed by http://svn.cacti.net/viewvc?view=rev&revision=7392 and http://svn.cacti.net/viewvc?view=rev&revision=7393 Regards, Salvatore
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Vincent Danen (Aug 07)
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried (Aug 07)
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Salvatore Bonaccorso (Aug 07)
- Message not available
- Message not available
- Message not available
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Giuseppe Iuculano (Aug 13)
- Message not available
- Re: CVE request: SQL injection and shell escaping issues in Cacti < 0.8.8b Kurt Seifried (Aug 07)