oss-sec mailing list archives

Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php

From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 5 Jan 2016 12:12:46 +0100

Hi Andreas,

On Tue, Jan 05, 2016 at 10:20:23AM +0100, Andreas Stieger wrote:

Hello,

On 01/05/2016 12:58 AM, cve-assign () mitre org wrote:

Another SQL injection vulnerability via graphs_new.php in cacti was
found, reported to the bug http://bugs.cacti.net/view.php?id=2652


http://bugs.cacti.net/view.php?id=2652 is CVE-2015-8604.


Check against a possible duplicate assignment with CVE-2015-8377?

http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt

https://bugzilla.redhat.com/show_bug.cgi?id=1291222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377


Theree are two different vulnerabilities here, see second comment in
http://bugs.cacti.net/view.php?id=2652 which describe both, the
CVE-2015-8377 and the new assigned one (CVE-2015-8604).

Does this helps?

Regards,
Salvatore

Current thread:

CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 04)
- Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php cve-assign (Jan 04)
  - Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)
    - Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Salvatore Bonaccorso (Jan 05)
    - Re: Re: CVE Request: cacti: SQL injection vulnerability in graphs_new.php Andreas Stieger (Jan 05)