oss-sec mailing list archives
Re: CVE Request -- Cacti v0.8.7 -- three security fixes
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 01 Jun 2010 10:29:11 +0200
Hi Steve,

Steven M. Christey wrote:

On Wed, 26 May 2010, Josh Bressers wrote:

[A], MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
http://www.vupen.com/english/advisories/2010/1204
Credit: The vulnerability was discovered by Stefan Esser as part of the SQL Injection Marathon.
Upstream changeset: http://svn.cacti.net/viewvc?view=rev&revision=5920

Steve, you've been handling the MOPS stuff. I'm going to leave this one alone unless you tell me otherwise (I don't want to dupe).

Use CVE-2010-2092, to be filled in later today (with a bunch of other MOPS issues).

[C], SQL injection and shell escaping issues reported by Bonsai Information Security (http://www.bonsai-sec.com)
[7] http://www.bonsai-sec.com/blog/index.php/using-grep-to-find-0days/
[8] http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
Credit: This vulnerability was discovered by Nahuel Grisolia ( nahuel -at- bonsai-sec.com )
Upstream changeset:
[9] http://svn.cacti.net/viewvc?view=rev&revision=5747

Josh assigned CVE-2010-1645 for the OS command issue.

The SQL injection that Jan is referring to in the original request is most likely CVE-2010-1431, which was disclosed by Bonsai back in April.
Yeah, [C] refers to two issues:

1, SQL injection issue, known under CVE-2010-1431 / BONSAI-2010-0104
Proper patch is here:
[1] http://svn.cacti.net/viewvc?view=rev&revision=5747

and

2, OS command injection issue, CVE-2010-1645 / BONSAI-2010-0105
References:
[2] http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
Proper patches are the following three: (noticed by Tomas Hoger && confirmed by Tony Roman, thanks for it!)
[3] http://svn.cacti.net/viewvc?view=rev&revision=5778
[4] http://svn.cacti.net/viewvc?view=rev&revision=5782
[5] http://svn.cacti.net/viewvc?view=rev&revision=5784

Also, there were some regressions related to Cacti v0.8.7f:
[6] http://forums.cacti.net/viewtopic.php?t=37845

From [6]: "If you have already upgraded to 0.8.7f, you can simply move back to 0.8.7e." and "Cacti 0.8.7g will be released on June 7th to address these issues.".

Not sure if Cacti v0.8.7g will address yet some security issues, so Cc-ed Cacti Developers and Tony Roman on this email to detail, if necessary.

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
- Steve